Hacking into email over Wi-Fi 'easy'
Expert accesses Gmail accounts in demo at hacking convention
A hacking expert has demonstrated just how easy it is to intercept email over a Wi-Fi connection. The demo happened at the Black Hat security convention taking place at Ceasars Palace in Las Vegas.
Robert Graham, CEO of Errata Security, accessed the Gmail of a 'victim' in front of the press. According to TGDaily , Graham even took over another reporter's Gmail and sent messages between the accounts.
What's worrying is that the methodology really is very simple. First, Graham ran Ferret to sniff out the packets of data on the open Wi-Fi network set up for the expo. This software copies the cookies being sent across the access point. Graham then copied these into his browser with a tool called Hamster.
And, because he had the cookie, he could then gain password-less access to mail accounts. Graham demonstrated the methodology against different webmail providers. OK, so using any type of encryption in the process will disrupt the process. So what's the advice here? If you're on a public, open network, you should use a VPN or some other type of encryption (SSL-encrypted sites will stop the sniffing).
"You're an idiot if you use T-Mobile hotspot," Graham told TGDaily. "I see ten people's cookies on my screen, I just need to click on the guy's IP address and I'm in. Once you get someone's Google account, you'd be surprised at the stuff you'd find."
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Dan (Twitter, Google+) is TechRadar's Former Deputy Editor and is now in charge at our sister site T3.com. Covering all things computing, internet and mobile he's a seasoned regular at major tech shows such as CES, IFA and Mobile World Congress. Dan has also been a tech expert for many outlets including BBC Radio 4, 5Live and the World Service, The Sun and ITV News.