Firesheep on webOS Hacks Unsecured Data over Wi-Fi

It is now possible to use a Palm smartphone to hack into the accounts and data of others through Firesheep. Firesheep was originally a plug-in for the Firefox browser but has now been ported over to webOS as an app. The software works by listening for Internet traffic sent back and forth on a local network. As the video below demonstrates, the app can literally take over user sessions that you would assume are relatively secure.

Firesheep on webOS Hacking into Gowalla

Of course, HTTPS and SSL can thwart Firesheep, but many sites (read: the majority of them) still do not use the more secure protocols and instead rely on old-fashioned HTTP. Before you assume that you are safe just because your wireless router is secure, realize that a Wi-Fi network relying on WEP encryption can be hacked in minutes. Even the stronger WPA encryption method is still far more vulnerable to attack than you would think. Virtual private networks (VPNs) look to be the best way to protect yourself and your data, especially if you use your laptop at a coffee shop or other public Internet access points.

The Firesheep plug-in for Firefox was created by Eric Butler for the purpose of demonstrating just how insecure our digital world is and to prod companies to take steps to protect their users. From his blog:

“The risks of insecure websites have been known for years, yet over the years little to nothing has been done about what has become an incredibly widespread problem. In the three weeks since Firesheep was released, there has been some encouraging news that companies are waking up to the reality that HTTP is dead, and that full end-to-end encryption (HTTPS/SSL) is no longer optional but rather a requirement of doing business online.”

That’s encouraging, but as Butler has repeatedly said, why haven’t companies always used HTTPS and SSL? The security vulnerabilities that Firesheep uses are not new and I am sure that hackers everywhere have been using them to steal personal information for years.

The webOS app version of Firesheep was developed by YouTube user omocopalm, who lists his real name as Sebastian. He’s the one in the video. While someone using a laptop to hack personal data is scary enough, the fact that smartphones can easily do the same is downright terrifying. The next time you’re happily logging into a website, you might just want to look over your shoulder. That won’t help protect you from someone just walking around with a phone in their pocket, downloading everyone’s user information, though. The fix needs to come from the companies that we rely on every day through the Internet.
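
One way a site operator can check for the exposure described above, shown as an added example that is not from the original post or from Firesheep itself: the Python code below audits a response's headers for the conditions that leave a session readable on a shared network. It assumes the session is carried in a cookie; the site name, header values and function names are constructed for illustration.

```python
# Added example: flag responses that expose a session to anyone listening
# on the same network. Assumes the session travels in a cookie.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append("page served over plain HTTP")
    elif not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("HTTPS without Strict-Transport-Security")
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} set without Secure")
    return findings

# Constructed sample responses (hypothetical site, not captured traffic).
WEAK = ("http://social.example/home",
        [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
MIXED = ("https://social.example/login",
         [("Strict-Transport-Security", "max-age=31536000"),
          ("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARDENED = ("https://social.example/login",
            [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for label, (url, headers) in [("weak", WEAK), ("mixed", MIXED),
                                  ("hardened", HARDENED)]:
        print(label, audit_response(url, headers) or "no findings")
```

The `MIXED` case matters in practice: a login page served over HTTPS still leaves the session exposed if the cookie lacks `Secure`, because the browser will send it on any later plain-HTTP request to the same site.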

What do you think about Firesheep and the webOS port? Let me know.
