Cache Exploitation & Sidejacking (Session Hijacking)

Tools

* Firesheep Packet Sniffer on PC
* FaceNiff or DroidSheep on Android (rooted)
* Other MITM (man in the middle software; no packet injecting capable NIC needed!) For more on MITM attacks please click here (Schneier on Security; 7/15/2008).

The risk

The most common type of cache exploit can be seen using Firesheep which takes unencrypted data passed via cookies over a Wi-Fi network and reveals them (works well with social networks and sites that do not appropriately handle user data transmission).

Although some data may be handled via SSH (encrypted), the actual cookies, for logins are not on some insecure sites. Some social networks and heavily trafficked websites have sought ways of solving the problem but not all evolve accordingly. So long as they don’t, this exploit will work and has done so for many years.

These type of exploits could be known as the “The Starbucks Social Network Exploit” for all intents and purposes since places that offer free wi-fi are at risk.

Naturally ANY wi-fi network is at risk. As we see with Aircrack and WEP/WPA cracking, any reasonably secure network can run the risk of MITM attacks. Another way of bypassing security measures is by ARP poisoning once one has gained access to a network, assuming the identity of a networked computer. Another reason why you should only join relatively secure networks that allow SSH tunneling.

Protecting yourself

* Use SSH tunneling to connect to your VPN/proxy setup after connecting to open wi-fi.
* Always try to use SSL/TLS enabled variations of web pages (if you use Firefox please be sure to download and make use of the HTTPS Anywhere Addon).
* Use encrypted connections, using only protected wi-fi networks not public ones or at least trusted ones.
* Urge wi-fi network admins to monitor ARP tables and run appropriate IDS and conduct other server-side preventative measures.