- Burning Man's open source cell phone system could save the world
- Cisco patches bug that crashed 1% of Internet
- Skype under Cisco
- Security-as-a-service growing
- Burning Man is proving point for Earth friendly, Linux-based cell tower
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time.That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.
Black Hat's most notorious incidents: A quiz
He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.
"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.
"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," the user's Wi-Fi-enabled device.
Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.
"Once the cache is poisoned, it's going to stay there," Kershaw said. This means that an attacker can intercede to "poison the URL" of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a "shim" that could "ship your internal pages off to a remote server once you're in a VPN."
The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. "Who knows how to clear the browser cache in an iPhone?" he asked.
Kershaw acknowledged he doesn’t know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he'd advise corporate security professionals to try to "forbid users from taking laptops onto open networks," though he admitted, "Your users may lynch you." He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.
This story, "How Wi-Fi attackers are poisoning Web browsers," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.
Read more about security in Network World's Security section.
The Connected Enterprise
Comments (14)
BT4By Anonymous on February 4, 2010, 12:45 pmPeople are usually un aware of anything to do with computers, i have numerous users who should be banned from a keyboard
Reply | Read entire comment
another way..By Anonymous on February 4, 2010, 11:20 amwouldn't it be easier to just set your browser to delete private data upon closing..?
Reply | Read entire comment
someone with something to sellBy tpeacock56 on February 4, 2010, 11:35 amRead the very first part of this story, someone with something to sell, and a story to scare you into buying it.
Reply | Read entire comment
something to sell?By Anonymous on February 4, 2010, 11:47 amkismet is free software
Reply | Read entire comment
Browser insecurities and mobile usersBy John Cox on February 4, 2010, 3:27 pmJohn W. Cox senior editor Network World A number of interesting issues here.There are the PC browser vulnerabilities which have been known for some time, including,...
Reply | Read entire comment
iPhone cache clearingBy Anonymous on February 4, 2010, 8:03 pmTo clear iPhone's cache, go to settings, Safari, Clear cache.
Reply | Read entire comment
View all comments