We associate cookies with tracking and annoying advertisements on the internet, but they also store search queries, allowing us to visit sites without entering a username and pass. However, if someone intercepts the cookie, it can lead to a catastrophic cyberattack called “session hijacking”.
We associate cookies with tracking and annoying advertisements on the internet, but they also store search queries, allowing us to visit sites without entering a username and pass. However, if someone intercepts the cookie, it can lead to a catastrophic cyberattack called “session hijacking”.
Stolen cookies are key elements of common and dangerous session hijacking attacks that can put our sensitive data at risk at the hands of intruders. Interception of a session can do a lot of damage even before we know what happened.
What is session hijacking?
It is a series of interactions between your device and the web server. The session starts as soon as you enter a website or application, such as an online bank. It continues as long as you are inside your account, check your balance or make payment transactions, and ends the moment you log out. But how does the web server know that every request you make is actually coming from you?
This is where cookies come in. After logging in, you submit your credentials to the web server. It confirms who you are and gives you a session ID using a cookie that will be attached to you throughout the session. This is why you don't log out of Vkontakte every time you visit someone's profile, and why the online store remembers what you put in your shopping cart, even if you refresh the page.
But if an attacker uses special session control techniques or steals your cookie, they can intercept the session. Thus, it can trick the web server into believing that the requests are coming from you, the authorized user. From now on, a cybercriminal can make bank transfers or make online purchases on your behalf without ever stealing your login information.
Session capture types
Session hijacking can be divided into two main categories, depending on what the perpetrator wants.
- Active. With an active attack, an attacker hijacks your session and kicks you out of it. He can perform the same actions as you, but only instead of you. Depending on which site the session is on, the hacker can shop online, change pass, or restore accounts.
- Passive. In a passive attack, the attacker does not kick you out of the session. Instead, it quietly monitors the data traffic between your device and the server, collecting all sensitive data. Thus, it learns your pass, bank card details and other information without arousing suspicion.
How is session hijacked?
There are quite a few methods for performing a session hijacking attack. Most of the tactics depend on the vulnerabilities of the web server, but also many users do not think about the security of their data.
- Session side jacking. This method uses unsecured networks to find out your session ID. The attacker uses sniffing (special software) and usually targets public Wi-Fi or websites without an SSL certificate, which are known for their poor security.
- Session fixation. The victim uses a session ID created by the attacker. It can do this with a phishing attack (via a malicious link) that “fixes” your session ID.
- Brute-force. The most laborious and ineffective method. During this attack, the hacker does not steal your cookies. Instead, it tries every possible combination to guess your session ID.
- Cross-site scripting. A hacker uses vulnerabilities in websites or applications to insert malicious code. When the user visits the site, the script is activated, steals the user's cookies and sends them to the attacker.
- Malware. Malicious software can do anything from performing unauthorized actions on your device to stealing personal information. It is also often used to intercept cookies and send information to an attacker.
- IP spoofing. The cybercriminal alters the original IP address of his packet to make it appear to be coming from you. Because of the fake IP, the web server thinks it is you. This is how the session is intercepted.
How to prevent session hijacking?
Session hijacking usually comes down to the security of the websites or applications you use. However, there are steps you can take to protect yourself.
- Avoid public Wi-Fi. Free hotspots are ideal for cybercriminals. They usually have poor security and can be easily tampered with by hackers. Not to mention, they are always full of potential victims whose data traffic is constantly at risk. If you would like to get cover from hackers a VPN will be a great tool. I'm using regular veepn (vpn) chrome addon, which hide my traffic and allow me to visit blocked sites.
- Don't visit suspicious sites. Any site that does not use an SSL certificate makes you vulnerable. cannot encrypt traffic. Check if the site is safe by looking for a small green padlock next to the URL.
- Install an anti-malware application. It will detect and protect your device from viruses that can steal personal information.
- Check downloadable software. A good way to avoid unintentionally downloading malware is to download apps from official stores.
- Don't open unknown links. If you get a message asking you to click on an unfamiliar link, don't do it. This can be a phishing attack that can infect your device and steal personal information.