A new Firefox browser plugin released in late October 2010 is having a chilling effect on public WIFI surfing on the Internet. The plugin allows anyone to simply use their web browser to discover and hijack access to many of the most popular websites while surfing on a public, open (unsecured) WIFI network. In simple terms, this means if you surf the web from a local coffee shop or public library using unsecured WIFI (no password needed), then other users at that location can very easily gain full access to your web accounts like Facebook, Twitter and even Amazon. While this type of hack was possible in the past, it required a fair amount of technical prowess and specialized tools. Now it is as easy as installing this freely available plugin. This really is a game changer for public WIFI web surfing!
What can you do?
- Whenever possible, avoid accessing any personal accounts (and email) while you are connected to an unsecured WIFI network.
- Try to only use WIFI networks that have encryption (should show a lock on the WIFI network when browsing, and will require a password/code to access the network).
- Consider installing and subscribing to a VPN service. A VPN service will encrypt all of your network communications, regardless of the type of network you are connected to. Here are a few products/services: Hamachi, HotSpotVPN, TrustConnect.
- If you have the ability to access the web via your cellphone (a process called tethering when used with computers), then use that access instead.
- If your browser supports plugins, look for a plugin that will force encrypted sessions (SSL) for popular web sites. For Firefox, one plugin is called ‘HTTPS-Everywhere’ and Chrome has one called ‘KB SSL Enforcer’. You’ll need to verify the website URL starts with ‘https’ (note the ending s) to ensure the connection remains secure for every page you visit.
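What a force-HTTPS plugin does for the sites on its list, and why the URL still has to be checked afterwards, shown as an added example. This is not code from either plugin named above; the host list, function names and sample URLs are constructed for illustration.

```javascript
// Added illustration: a simplified model of a "force HTTPS" browser plugin.
// The host list is constructed sample data, not any real plugin's ruleset.
const FORCE_HTTPS_HOSTS = ["facebook.com", "twitter.com", "amazon.com"];

// True when host is a listed domain or a subdomain of one.
// "notfacebook.com" must not match "facebook.com", hence the leading dot.
function isCovered(host, hosts = FORCE_HTTPS_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return hosts.some((d) => h === d || h.endsWith("." + d));
}

// Rewrite http:// to https:// for covered hosts; leave everything else alone.
function forceHttps(rawUrl, hosts = FORCE_HTTPS_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // not an absolute URL, nothing to rewrite
  }
  if (url.protocol !== "http:" || !isCovered(url.hostname, hosts)) return rawUrl;
  url.protocol = "https:";
  return url.href;
}

// Apply the rewrite to every page in a browsing trail and report the pages
// that are still plain HTTP afterwards, i.e. visible to others on open WIFI.
function auditTrail(urls, hosts = FORCE_HTTPS_HOSTS) {
  const result = { upgraded: [], stillPlain: [] };
  for (const original of urls) {
    const final = forceHttps(original, hosts);
    if (final !== original) result.upgraded.push(final);
    if (/^http:\/\//i.test(final)) result.stillPlain.push(final);
  }
  return result;
}

// Constructed sample trail: one covered site, one already on HTTPS,
// one look-alike domain, and one site the list does not know about.
const SAMPLE_TRAIL = [
  "http://www.facebook.com/home.php",
  "https://twitter.com/",
  "http://notfacebook.com/login",
  "http://webmail.example.org/inbox",
];
console.log(auditTrail(SAMPLE_TRAIL));
```

Only the first URL is upgraded; the last two stay on plain HTTP because they are not on the list, which is why the address bar still needs checking on every page.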
Who is impacted?
Anyone using a computer (or iPod, cellphone, etc.) to access an open WIFI network. All types of computers, all types of operating systems, are vulnerable to this attack as it occurs at a network level. Again, an open network is one that is not locked (does not require a password). Most public WIFI, like the kind at coffee shops, public libraries and even hotels, are open and unsecured!
Who is not impacted?
If you are using computers at the public library that are not connected wirelessly (i.e. they use an ethernet cable), those are generally safe. Surfing from your cellphone should be fine, as long as you are using the cellular network and not connected to a WIFI network. If the WIFI network you connected to is locked (requires a password to make the network connection), then your surfing is safe.
Video explaining more details on this plug-in and showing how simple it is to use.