WiFi users beware! Accessing unprotected web sites (like Facebook, Twitter and Yahoo) from an open WiFi hotspot may open you up to a cyber attack called “sidejacking”. This can be done with free software called Firesheep.
Details
Firesheep is a free plugin for the Firefox browser, which allows attackers to monitor traffic on open wireless hotspots. Once a person on the hotspot logs in to their account on an unprotected site, the attacker is able to steal their browser cookie (a process called “session hijacking” or “sidejacking”) and access the victim’s account with just a few mouse clicks, virtually undetected. Firesheep is almost idiot-proof, and gives even the most inexperienced computer user a tremendous amount of power.
Privacy and Business Implications
The capability that this puts into the hands of an average computer user poses a significant threat to people’s privacy, and to the security of hospitals and other businesses as well. Once an account is compromised, an attacker could impersonate the victim and/or monitor all communication to and from the victim. Additionally, marketing and other business professionals who maintain social media sites for organizations can have those accounts compromised.
HealthGuard Expert Interviewed by WCPO.
Detection
Be on the lookout for, and report, any suspicious account activity, including strange emails/posts and wrong password errors.
Prevention
Hospitals (and all organizations) should take the following steps to evaluate the potential risk (to the organization, patients and employees), and develop risk mitigation strategies:
- Evaluate business processes where privacy or security could be compromised (e.g. use of social media, patient & employee communication, etc.).
- Educate employees and patients and instruct them to report any suspicious activity (see Detection above).
- Limit the use of wireless hotspots.
- Ensure the web address you are accessing begins with “https” and has a closed lock indicating a secure connection.
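
For organizations that run their own web sites, the server-side counterpart of the “https” check in the last item can be automated. The following is an added example, not part of the original advisory: it goes one step beyond the page by also checking the cookie `Secure` attribute, and all URLs, cookie names and values in it are constructed sample data.

```python
# Added example: flag cookies that a listener on an open hotspot could capture.
# The URLs, cookie names and values below are constructed sample data.
from urllib.parse import urlsplit


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, set_cookie_headers):
    """Return a list of (cookie_name, reason) findings for one HTTP response."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        if scheme != "https":
            # The cookie itself crosses the network unencrypted.
            findings.append((name, "set over plain http, readable on the wire"))
        elif "secure" not in attrs:
            # Without Secure, the browser also attaches it to http:// requests.
            findings.append((name, "no Secure attribute, browser will also send it over http"))
    return findings


def audit_all(responses):
    """Map each URL to its findings; URLs with no findings are omitted."""
    report = {}
    for url, cookies in responses:
        findings = audit_response(url, cookies)
        if findings:
            report[url] = findings
    return report


# Constructed sample responses: (URL fetched, Set-Cookie values received)
SAMPLE_RESPONSES = [
    ("http://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["sid=def456; Path=/", "prefs=dark; Path=/; Secure"]),
    ("https://portal.example/login", ["token=ghi789; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        for name, reason in findings:
            print(f"{url}: cookie '{name}': {reason}")
```

Note that `HttpOnly` on the first sample cookie does not help here: it hides the cookie from page scripts, not from someone reading unencrypted traffic.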