Wi-Fi threat for Gmail users

Gmail accounts are left open to attack on wireless networks because of a flaw in the way that Google handles SSL connections, claims a security researcher.

Gmail can use SSL encryption, which protects data from eavesdropping, if the user places HTTPS at the start of the URL.

The approach is very secure, but if the SSL connection fails, Gmail reverts to sending unencrypted data.

A hacker can easily provoke such a failure by sending a reset packet to the victim’s PC. The attacker can then retrieve the unencrypted session ID and use it to masquerade as the victim, gaining access to their account.
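A defender-side check for the condition described above, added here as an example and not taken from the article or from Errata Security: it audits the headers of an HTTPS response for cookies that lack the Secure attribute, and so would also travel over a plain-HTTP fallback, and for a Strict-Transport-Security policy that stops the browser falling back at all. The cookie names, values and function names are constructed for illustration.

```python
# Constructed response headers for illustration; not captured from any real service.
SAMPLE_HEADERS = [
    ("Set-Cookie", "SESSION_ID=constructed-value-1; Path=/; HttpOnly"),
    ("Set-Cookie", "PREFS=lang=en; Path=/; Secure"),
    ("Set-Cookie", "AUTH_TOKEN=constructed-value-2; Path=/; Secure; HttpOnly"),
]


def parse_directives(value):
    """Split 'a=b; flag; c=d' into a lower-cased {name: value} dict."""
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip().strip('"')
    return out


def audit_https_response(headers):
    """Report cookies that would leak on an HTTP fallback, and the HSTS state."""
    exposed, hsts = [], False
    for header, value in headers:
        header = header.lower()
        if header == "set-cookie":
            first, _, rest = value.partition(";")
            name = first.partition("=")[0].strip()
            # Without Secure, the browser attaches the cookie to http:// requests too.
            if "secure" not in parse_directives(rest):
                exposed.append(name)
        elif header == "strict-transport-security":
            # max-age=0 clears the policy, so only a positive value counts.
            max_age = parse_directives(value).get("max-age", "0")
            hsts = max_age.isdigit() and int(max_age) > 0
    return {"exposed_on_http": exposed, "hsts": hsts}


if __name__ == "__main__":
    print(audit_https_response(SAMPLE_HEADERS))
```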

Robert Graham, CEO of Errata Security, recently published a blog post on the technique, termed “side jacking”.

The researcher has developed two tools, Ferret and Hamster, which automate side-jacking hacks.

“This also begs the question why I distribute these if they are hacking tools. The answer is: because they demonstrate the problem. People don’t believe a problem exists unless they can see it for themselves,” says Graham.

Such vulnerabilities are not new, and similar attacks were widely demonstrated at last year’s DefCon hacking conference. However, this latest security threat in Gmail means that many users who believe themselves to be secure may in fact be vulnerable to attack.

Google was unavailable for comment at the time of writing.
