Have you ever logged into your Facebook account while attached to a public Wi-Fi connection? If you have, you are not alone. A majority of smart-phone users do it on a regular basis, and why not? It is easy enough, standing in line at Starbuck’s? Just update that Facebook status and check out what your friends are up to. Unfortunately, using public Wi-Fi hotspots makes it very easy for almost anyone to intercept your internet activities.
This vulnerability is best demonstrated by an extension for the Firefox browser called Firesheep that makes use of a packet sniffer to intercept information from popular websites (Facebook and Twitter, for example) traveling over the Wi-Fi network and then allows the Firesheep user (hacker) to assume the log-in credentials of whoever’s identity was intercepted. Once logged in, the hacker has access to all sorts of personal information with very little fear of detection. Keep in mind, this extension is readily available and is very easy to use. Next time you think about logging into Facebook at your local Wi-Fi hotspot, look around. Is one of those guys (or gals) in the corner with a laptop running Firesheep?
Fortunately, defeating this particular exploit is fairly simple. Facebook allows you to access their website with the HTTPS (HyperText Transfer Protocol Secure) protocol instead of the more commonly used HTTP. HTTPS encrypts communications with SSL (Secure Socket Layer), preventing hackers from eavesdropping on your browsing. Some websites, such as banking websites, PayPal, and others require the use of HTTPS and Facebook has allowed the use of HTTPS on its website for quite some time, although it required users to manually type https://facebook.com into the address bar of their browser instead of the using the default http://facebook.com.
Facebook has a new option, automatically enabling the use of HTTPS. This option can be accessed by selecting Account from upper right corner of the page, and choosing Account Settings. Within the Account Settings is an Account Security section that looks like the one below.
Putting a checkmark in the Browse Facebook on a secure connection… box (be sure to click Save to apply the setting) will do just what it says and will provide a much more secure Facebook experience. Do yourself a favor, check the box, and shear that Firesheep!
NOTE: Enabling HTTPS will make browsing a little slower and Facebook apps like Mafia Wars and Farmville won’t work. Facebook chat, however, may still work. I just tested chat and it works for me, although others have been unable to use it over a secure connection.