Program allows unauthorized access on unsecured web connection


Save Story
Leer en español

Estimated read time: 3-4 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY -- Public Wi-Fi users, beware.

A relatively new program called Firesheep allows anybody on an unsecure Internet connection access to profiles and accounts of anybody else using the same network.

Program allows unauthorized access on unsecured web connection

Popular Wi-Fi hotspots like coffee shops, cafes, and even fast food restaurants like McDonalds have Wi-Fi connections. Often, those connections are free and don't need a password.

"I'm probably here at least twice a week," said Jarold Hines, who we met at a Sugar House café, "I buy and sell a lot on eBay, and so I use Paypal which is like online banking."

Those public Wi-Fi connections are where hackers using Firesheep can easily see what websites you are on and get your personal information.

Once someone downloads Firesheep to their laptop, they can quickly start seeing who else is using the same Wi-Fi network they are connected to, and what websites they are using.

That information is posted to the hacker's screen.


Just because you log into your account doesn't mean that someone else can't log into the account.

–- Pete Ashdown, President of X Mission


If the hacker sees someone is using Facebook, a banking website, an online shopping site, or any other sites that requires a password, the hacker can click on it and go there as if they were the real user.

It allows the hackers to access someone else's information in a few seconds.

"Firesheep is a plug-in for the Firefox browser that makes it very easy for an attacker to intercept information that is passed over an open wireless network," said Pete Ashdown, president of XMission Internet in Salt Lake City.

Ashdown said there are ways to protect your information.

First, he recommends only using secure networks.

"Just because you log into your account doesn't mean that someone else can't log into the account," he said. "It's that transmission of the password from your laptop or your computer to the destination that needs to pass over secure channels. If it doesn't, then it's at risk of being intercepted."


Firesheep is a plug-in for the Firefox browser that makes it very easy for an attacker to intercept information that is passed over an open wireless network.

–- Pete Ashdown, President of XMission


Ashdown also says there are other plug-ins available that can fight Firesheep and make you aware of who might be looking at your computer connection.

"Blacksheep is an example of a plug-in that can notify you if you are at risk of sending your password," said Ashdown, "and it will start showing you the different accounts that people have logged into. Just go to Google and type in Blacksheep."

Even though Firesheep is still new in the Internet world, Ashdown said people in the industry know about it.

"Amazon and most of the big e-commerce sites are pretty well aware of this problem, and so it's not as big of a risk there," said Ashdown, "But if you are buying from a smaller store on the Internet that may not be aware of the problem, stealing a credit card would be a primary risk of being intercepted."

Websites starting with https instead of http is also a good way to know your information is secure.

Ashdown says Firesheep was created to show Internet providers how unsecure personal information is.

"We should all be aware and protect out social security numbers, protect information about where we live, because that can all be exploited by somebody that wants to get credit cards," said Ashdown.

Wi-Fi users we spoke with said they'll be more careful about accessing websites with important personal information on free, public spots.

E-mail: acabrero@ksl.com

Related links

Most recent Utah stories

Related topics

Utah
Alex Cabrero

    STAY IN THE KNOW

    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

    KSL Weather Forecast