FireSheep – Why You Should Be Worried About Unsecured Wi-Fi Networks

You may have caught glimpses in the news about a Firefox add-on called FireSheep, but you may or may not know of its capabilities and the implications it will have upon your interactions online. In a nutshell, this add-on allows a user to see the social network activities that are taking place on an unsecured wireless network and then, with a click of a button, impersonate any user on that network.

It’s pretty frightening once you realise what that means, but perhaps more so when you consider the number of people completely unaware of the risks of operating or connecting to a completely insecure wireless network. All of a sudden, heading down to Macca’s or using the free Wi-Fi at the local coffee shop doesn’t sound all that appealing.

There are steps that all parties involved can take to tighten things up nonetheless.

Regular users like ourselves can use VPNs or remote access software such as LogMeIn or GoToMyPC to encrypt our traffic and divert our usage to another computer or network. Otherwise, at the very least, force the usage of SSL on websites such as Facebook by replacing the “http://” with “https://” (note the “s” after the “http”). Now, that can be a pain, especially when it doesn’t stick, but you can use another Firefox add-on called NoScript to force secure HTTP connections (I will write another blog to cover those steps).

From a website owner’s perspective, enabling SSL for all transactions (not just for the initial login) will also help prevent this problem from occurring and negate the need for users to manually (or automatically) force the use of secure HTTP. With modern computing platforms, SSL transactions are not that expensive in terms of performance, so it seems strange that we would choose not to implement it by default.
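One way a site owner could enforce SSL for every request, shown as an added example that is not from the original post: a Python WSGI middleware that redirects plain HTTP to HTTPS and marks session cookies Secure so the browser never sends them in the clear. The names `https_everywhere`, `secure_cookie`, `demo_app`, `call` and the host `example.test` are assumptions made for illustration.

```python
from urllib.parse import quote

HSTS = ("Strict-Transport-Security", "max-age=31536000")

def secure_cookie(value):
    """Append Secure and HttpOnly to a Set-Cookie value when they are missing."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
    for flag in ("Secure", "HttpOnly"):
        if flag.lower() not in attrs:
            value += "; " + flag
    return value

def https_everywhere(app, canonical_host):
    """Wrap a WSGI app so no page and no session cookie travels over plain HTTP."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Redirect before the app runs, so it never issues a cookie in the clear.
            # The host is configured, not taken from the request's Host header.
            url = "https://" + canonical_host + quote(environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                url += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", url), ("Content-Length", "0")])
            return [b""]

        def secure_start(status, headers, exc_info=None):
            fixed = [(k, secure_cookie(v)) if k.lower() == "set-cookie" else (k, v)
                     for k, v in headers]
            if not any(k.lower() == HSTS[0].lower() for k, _ in fixed):
                fixed.append(HSTS)  # tell browsers to use HTTPS on later visits
            return start_response(status, fixed, exc_info)
        return app(environ, secure_start)
    return middleware

def demo_app(environ, start_response):
    """Constructed app: sets a session cookie without the Secure flag."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [b"hello"]

def call(app, scheme, path="/home"):
    """Send one constructed request through app; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    env = {"wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": "",
           "REQUEST_METHOD": "GET"}
    body = b"".join(app(env, start_response))
    return seen["status"], seen["headers"], body
```

When the application sits behind a TLS-terminating proxy, `wsgi.url_scheme` must be set from the proxy's forwarded scheme, otherwise every request looks like plain HTTP and is redirected.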

The other perspective to consider is that of the owners of these affected wireless networks. All they need to do is turn on WPA2 with AES and use a simple password (such as the business name) to prevent this from happening. WPA and WPA2 prevent users of the same wireless network from seeing each other’s traffic, as each stream is individually and separately encrypted. If you know of someone running an open wireless network, then seriously consider urging them to change the default security to at least WPA.

As with most things, change will only be undertaken when something rather bad occurs. FireSheep, whilst being a proof of concept, makes it trivial for anyone to breach the security of users on an open wireless network. This could be exactly the sort of change that will spur the technology industry as a whole to tighten things up sooner rather than later.
