App Review: DroidSheep – The Danger Of Browsing Without Secured Protocol

DroidSheep is an Android application that demonstrates how insecure social networks such as Facebook can be when they are used over plain HTTP. It sniffs the wireless network for session cookies sent without a secured protocol, and anyone running it (or a similar tool) on the same network can use those cookies to hijack your session.

Before we begin, I would like to quote the author's own words:

DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites just like Facebook. Please always be aware of what you're doing.

For the purpose of this demonstration I’m using my brother’s Facebook account with his permission.

Scanning For Active Session

Screenshot: scanning for active sessions

Once the phone is connected to a wireless network, DroidSheep starts sniffing the traffic for active sessions. It captures the session cookies that sites such as Facebook, Twitter and LinkedIn send over unencrypted HTTP. It needs a rooted Android device, and it can only see the sessions of users on the same network: on an open Wi-Fi hotspot the traffic is readable directly, and DroidSheep also offers ARP spoofing to capture the traffic of other hosts on a switched or password-protected network.

Listing Captured Sessions

Screenshot: list of captured sessions

The application lists every unsecured session it has captured, labelled by site. You can let it keep scanning or stop it once you have found your target.

Select the target and DroidSheep asks which action you want to proceed with.

Hijacking The Account

For this review I chose the action to view it in the browser.

Screenshot: session has been hijacked

DroidSheep opens the site with the victim's captured cookies, so the browser is logged in as the target and you can browse the account without the owner's knowledge. No password is involved at any point: the session cookie alone is the credential, which is exactly why it must never travel in the clear.

Disclaimer

As quoted earlier, this application is not intended for stealing identities. Its purpose is to show how dangerous it is to browse without a secured protocol, and the intention of this review is the same. I am not responsible for any damage done as a result of this review.

No link to this application is provided. If you want to use DroidSheep, you will have to find it yourself.

Protecting Your Account

Most social sites offer secure (HTTPS) browsing, but at the time of writing it is not enabled by default. On Facebook it is easy to turn on.

Go to Account Settings and choose Security. Click Secure Browsing and tick the option "Browse Facebook on a secure connection (https) when possible".

Screenshot: Facebook account security settings

Once done, click Save Changes. With HTTPS on, the session cookie travels inside the encrypted connection, and a sniffer on the wireless network sees only ciphertext. Note the wording "when possible": the protection applies only to pages Facebook can serve over HTTPS, so anything it still has to load over plain HTTP remains exposed. The site-side counterpart is to mark the session cookie with the Secure attribute, which stops the browser from ever sending it over HTTP at all.
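To make both halves of this concrete, here is an added Python example; it is not DroidSheep's code and not from the original post. It covers the capture step described under "Scanning For Active Sessions" and the fix described here: the first part parses a few constructed plaintext HTTP requests (made-up hosts and cookie values) the way a sniffer on the same network would and lists the session cookies it finds; the second part uses Python's standard cookie jar to show that a cookie flagged Secure is attached only to https:// requests, so a page that falls back to HTTP cannot leak it.

```python
"""Sidejacking in miniature (added example, not DroidSheep's own code).

Part 1: what a sniffer on the same wireless network sees when someone browses
over plain HTTP, and how that becomes a "captured session".
Part 2: why HTTPS plus the Secure cookie attribute closes the hole.
All hosts and cookie values below are constructed for the demo.
"""
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

# Constructed capture: three requests as they appear on the wire. Over plain
# HTTP the whole request, Cookie header included, is readable by any host
# that can see the packets.
PLAINTEXT_CAPTURE = [
    "GET /home.php HTTP/1.1\r\n"
    "Host: www.example-social.com\r\n"
    "Cookie: c_user=100001234; xs=abc123def456\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    "GET /feed HTTP/1.1\r\n"
    "Host: www.example-micro.com\r\n"
    "Cookie: _sess=BAh7CjoPc2Vzc2lvbl9pZA\r\n\r\n",
    # A page fetched without cookies: nothing here to hijack.
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example-news.com\r\n\r\n",
]


def parse_headers(raw_request):
    """Split one raw HTTP request into a lower-cased {header: value} dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def extract_sessions(captured_requests):
    """Return {host: {cookie_name: value}} for every request that carried cookies.

    No cryptography is broken: the sniffer simply reads the Cookie header the
    victim's browser sent in the clear. This is the list the tool presents.
    """
    sessions = {}
    for raw in captured_requests:
        headers = parse_headers(raw)
        host, cookie_header = headers.get("host"), headers.get("cookie")
        if not host or not cookie_header:
            continue
        cookies = {}
        for pair in cookie_header.split(";"):
            if "=" in pair:
                name, value = pair.strip().split("=", 1)
                cookies[name] = value
        sessions[host] = cookies
    return sessions


def replay_header(cookies):
    """The Cookie header a hijacker sends: byte-for-byte the victim's own."""
    return "; ".join(f"{name}={value}" for name, value in cookies.items())


def session_cookie_sent(scheme, secure_flag):
    """Would the browser attach the session cookie to a request over `scheme`?

    Uses the standard-library cookie jar, whose policy honours the Secure
    attribute: a Secure cookie is withheld from http:// requests, so it never
    reaches the wire unencrypted.
    """
    jar = CookieJar()
    jar.set_cookie(Cookie(
        0, "xs", "abc123def456", None, False,
        ".example-social.com", True, True, "/", True,
        secure_flag, None, False, None, None, {},
    ))
    request = Request(f"{scheme}://www.example-social.com/home.php")
    jar.add_cookie_header(request)
    return request.get_header("Cookie") is not None


if __name__ == "__main__":
    found = extract_sessions(PLAINTEXT_CAPTURE)
    for host, cookies in found.items():
        print(f"[captured] {host}: replay with 'Cookie: {replay_header(cookies)}'")
    for scheme, secure in [("http", False), ("http", True), ("https", True)]:
        sent = session_cookie_sent(scheme, secure)
        print(f"{scheme}://, Secure={secure}: cookie sent? {sent}")
```

Run it directly to see the captured list and the three cookie-policy outcomes. The first two functions are the whole of what a sidejacking tool has to do, which is why an unencrypted session is so cheap to steal; the last one is the server-side complement of the setting above: with the Secure attribute set, even a page that falls back to HTTP cannot hand the cookie to a sniffer.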

I hope this review raises awareness of browsing over a secured protocol. The worst thing that can happen is for someone to hijack your session, and with it your privacy.

Author: Rashidi Zin

I write code and run on the road.