SERPland Flugverkehr/Airtraffic Zürich – Auto Direktimport Dänemark – Disneyland Paris – Legoland Deutschland


How save is DroidSheepGuard (against smartphone session hijacking apps)?

Yesterday on German TV, a smartphone session hijacking app has been introduced (provided by cydia). “Stern TV” showed us on how a smartphone session can be hijacked easily when being logged in a public WLAN. With this app, it seems to be possible to spy out other smartphones, IPhones and Notebooks within the same WLAN (Spy-App / Spionage-App). So a personal Facebook account can be taken over by a stranger.

On the programers hompage I can read: was developed as a tool for testing the security of your accounts and is based on my Bachelor thesis with title “Session Hijacking on Android Devices”.

Ok, this is fine. But why is it so easy to create such a smartphone hijack app Annoyed ? Searching the web I found several other packet sniffer apps. With all of them, hijacking within a open public WLAN is possible!

It seems as there exists also a smartphone session hijacking defense app – DroidSheepGuard – but does it really protect? Is it save?

Why does no “https everywhere” exist?

Save-DroidSheepGuard  (against smartphone session hijacking apps)

Use HTTPS wherever it is possible! It seems as following services do not provide HTTPS per default, so be careful when using them in a public WLAN:

  • FaceBook
  • Twitter
  • Youtube
  • Amazon
  • VKontakte
  • Tumblr
  • MySpace
  • Tuenti
  • MeinVZ/StudiVZ
  • blogger
  • Nasza-Klasa

On topic HTTPS, Google seems to be pretty good Open-mouthed smile (but you have to be logged in – when your operating system is android, you usually are logged in on Google)

Related Posts:

Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

No trackbacks yet.