Monday, August 06, 2007

Hacking Gmail Account by Capturing User Cookies

Browsing Gmail on your laptop over a Wi-Fi hotspot has proved to be insecure. Robert Graham, CEO of Errata Security, demonstrated how easily an account can be hijacked.

Robert Graham, demonstrating Gmail hacking

During the Black Hat 2007 security convention held in Las Vegas, Graham did a live demonstration on a journalist in the audience. This was done by capturing the journalist's cookies, then cloning them into Graham's own browser. The victim was using a typical unprotected Wi-Fi hotspot, and his Gmail account popped up on the large projection screen for 500 audience members to see.

Using the Ferret application, he first grabs the cookies and session IDs of the target system. He then clones the captured cookies and session IDs on his own system with the help of the Hamster application. Once the identity is cloned, Graham is able to jump onto online services like Gmail with full access to read and send email on behalf of the victim.

Robert is likely to make the attack tools publicly available via the company's website for anyone to download.

This type of attack can hijack sessions in almost any cookie-based web application running over plain HTTP, such as Microsoft's Hotmail, Yahoo Mail and social networking sites.

To prevent such attacks when you use email clients at a public Wi-Fi hotspot, use https:// instead of http://. To access secured Gmail, point to the URL; for Yahoo Mail and Microsoft's Hotmail, click the secured login links displayed on the login page.

Microsoft Hotmail Secured Login Link

Yahoo Mail Secured Login Link
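The https:// advice above protects the session only if the session cookie never travels over plain HTTP: a cookie set without the Secure attribute is also sent by the browser on http:// requests to the same site. The following is an added example, not code from the original post or from Errata Security, that audits Set-Cookie headers for that exposure; the host name, cookie names and header values are constructed, and the list of session cookie names is an assumption to adjust per application.

```python
# Added example: flag session cookies that could be captured on an open
# Wi-Fi network. All header values are constructed sample data.

SAMPLE_RESPONSE_HEADERS = [
    # (URL the response came from, raw Set-Cookie header value)
    ("http://mail.example.test/inbox", "SID=constructed-1; Path=/"),
    ("https://mail.example.test/login", "SID=constructed-2; Path=/; HttpOnly"),
    ("https://mail.example.test/login", "SID=constructed-3; Path=/; Secure; HttpOnly"),
    ("https://mail.example.test/login", "lang=en; Path=/"),
]

# Assumption: cookie names treated as session identifiers.
SESSION_COOKIE_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid"}


def parse_set_cookie(header_value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookie(url, header_value):
    """Return finding codes describing how this session cookie can leak."""
    name, attrs = parse_set_cookie(header_value)
    if name.lower() not in SESSION_COOKIE_NAMES:
        return []  # not a session identifier, out of scope for this check
    findings = []
    if url.lower().startswith("http://"):
        findings.append("set-over-cleartext-http")
    if "secure" not in attrs:
        # Without Secure the browser also attaches it to http:// requests.
        findings.append("missing-secure-attribute")
    return findings


def audit(headers):
    """Return (url, cookie name, findings) for each exposed session cookie."""
    report = []
    for url, value in headers:
        findings = audit_cookie(url, value)
        if findings:
            report.append((url, parse_set_cookie(value)[0], findings))
    return report


if __name__ == "__main__":
    for url, name, findings in audit(SAMPLE_RESPONSE_HEADERS):
        print(f"{url} {name}: {', '.join(findings)}")
```

The second sample is the case to watch for: the login page is served over HTTPS, yet the session cookie can still leave the machine in cleartext on any later http:// request.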

Read more about this on Robert's blog, Errata Security: SideJacking with Hamster