And so, let the plug-in/counter-plug-in war commence! In the past week or so, a lot has been said and written about FireSheep attacks in cyberspace, particularly in relation to public wireless networks, which most users have generally perceived as safe in the past. When it was recently announced that Google had accidentally collected emails, usernames and passwords with its Street View cars, one would not have thought we would be talking about a similar incident so soon afterwards. Stealing passwords is not exactly a new phenomenon; for example, ARP spoofing, which allows data to be surreptitiously routed through a rogue computer on a network, has been known to be exploited for over a decade. However, what makes FireSheep different from these other point-and-click tools and login-hijackers is its simplicity and the fact that it does not require significant technical knowledge on the part of the user.
What is FireSheep?
FireSheep is a free, open-source Firefox add-on (plug-in) created by a Seattle-based software developer, Eric Butler, that allows anyone to scan unprotected/open WiFi networks and spy on the activities of other users of that network who are logged into 26 major Web 2.0 websites such as Amazon, Facebook, Foursquare, The New York Times, Evernote, Dropbox, Windows Live, Twitter, Google, Bit.ly, Flickr and so on. In other words, FireSheep allows anybody to impersonate others by hijacking their session cookie.
Recently announced by Butler at the Toorcon 12 security conference, the plug-in is simple and user-friendly, and works on Mac OS X and Windows, with a Linux version reportedly on its way.
After installation, FireSheep adds a sidebar to the Firefox browser that captures login data and shows when anyone on an open network, such as at an airport or coffee shop, visits an insecure site; a simple double-click then gives instant access to the logged-on sites.
How Does FireSheep Work?
FireSheep takes advantage of poor security on the part of websites that rely on cookies for authentication. While a user’s initial username and password details may be protected by means of SSL encryption, the cookie the site uses after a successful login is usually not protected or encrypted. This leaves the cookie vulnerable and, as a result, in just a single click over an open WiFi connection, the unprotected cookie can be hijacked to take over the user account for that session.
A cookie consists of small bits of information stored on a user’s computer by a Web browser that help to keep login sessions going. It keeps the user logged in without having to identify him/herself again.
Therefore, anybody with that cookie, from the same IP address such as a public WiFi hotspot at airports and coffee shops, can pretend to be the user, which makes it easy to intercept any session that is displayed in the FireSheep sidebar.
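A site owner can check for the weakness described above by auditing the response that sets the session cookie. The following is an added example, not code from FireSheep or from the original article; the function names, finding codes and sample headers are constructed for illustration. It flags a session cookie that is set over plain HTTP or that lacks the Secure attribute, and an HTTPS response with no Strict-Transport-Security header.

```python
# Added example: audit Set-Cookie headers for the gap FireSheep relies on.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(scheme, headers):
    """scheme is 'http' or 'https'; headers is a list of (name, value) pairs.
    Returns a list of (subject, finding code) tuples; empty means no findings."""
    findings = []
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if scheme != "https":
            # The cookie crosses the open network unencrypted as it is set.
            findings.append((name, "set-over-http"))
        elif "secure" not in attrs:
            # Login was encrypted, but the browser will attach this cookie
            # to any later plain-HTTP request to the same site.
            findings.append((name, "no-secure-flag"))
    if scheme == "https" and not has_hsts:
        # Without HSTS the browser may still make plain-HTTP requests to the site.
        findings.append(("(response)", "no-hsts"))
    return findings

# Constructed login responses: the pattern the article describes, then a hardened one.
WEAK_LOGIN = [("Content-Type", "text/html"),
              ("Set-Cookie", "session_id=constructed123; Path=/")]
HARDENED_LOGIN = [("Strict-Transport-Security", "max-age=31536000"),
                  ("Set-Cookie", "session_id=constructed123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_LOGIN), ("hardened", HARDENED_LOGIN)):
        print(label, audit_response("https", hdrs))
```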
Limitations of FireSheep
As with any other HTTP session hijacking, while the hacker can access and use his victim’s cookies to browse a site such as Facebook, it is unlikely to expose the user’s password. Thus, the account cannot be stolen by changing the user’s password.