Android: It was only a matter of time before an app like previously mentioned Firesheep came out for mobile devices to further prove how insecure many popular sites are. Like Firesheep, DroidSheep listens to network traffic and can capture session tokens.
This means people running DroidSheep can use victims’ accounts, gaining access to sites that don’t use a secured connection (there was recently news of a flaw in SSL and TSL that may make HTTPS vulnerable too, but that’s a separate issue). DroidSheep requires root privileges. While popular sites like Yahoo, Google and Facebook may not be vulnerable to DroidSheep, because of improved security measures, there surely are hundreds of others that are.
We’re not advocating you use DroidSheep; it’s just another reminder to assume that when you’re on a public network anyone may be able to sniff out and steal your cookies. Your best recourse is to use VPN or SSH tunnelling (see instructions for Android and iOS).
Leave a Reply
You must be logged in to post a comment.