Public Wifi networks offer a larger security threat than ever to computer users because hackers have the ability to "poison" users' browser caches to present fake Web pages and even steal data later, according to security researcher Mike Kershaw.
Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, spoke at the Black Hat conference last week and indicated that an attacker using an 802.11n network can take control of a Web browser cache by stealing a common JavaScript file.
"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work." And research shows that the browser cache poisoning can be kept in a persistent state unless the end users understands how to effectively empty the cache.
Kershaw said the problem stems from open network that have no client protection. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," he said.
Kershaw suggested that users continuously clear out the cache on a manual basis or use private-browser mode.
For more:
- check out this PC World article
Related articles:
WiFi takes a seat at the cellular table
Security firm demoed hacking and eavesdropping on IPhone mobile VoIP calls