Researchers use Firesheep to snag Google search history data

Researchers have modified the Firesheep web attack tool to track user activity by way of Google search cookies.

Vincent Toubiana and Vincent Verdot, from Alcatel-Lucent Bell Labs, published a report entitled Show me your cookie (PDF) demonstrating a process in which Firesheep could harvest search cookies and use the intercepted data to view a user's click history and contact information.

The researchers used a modified version of Firesheep to seek out cookie traffic on unsecured wireless networks. Firesheep allows an attacker to automatically collect account credentials and other user information travelling over unsecured channels.

Reconfiguring Firesheep to seek out the Google search session identifier cookies allowed the researchers to access large pieces of the web history on targeted test machines.

"The objective is to recover a large portion of the victim's visited search results with the smallest set of search queries," the researchers said.

"Limiting the number of queries that will appear in the web search history reduces the risk that the victim detects the attack."

The researchers suggested that the risk can be mitigated by signing out of Google services accounts when on shared or untrusted networks, or disabling the Google web search history feature.

Google, however, has downplayed the risk of attack. "We consider the concerns raised by these researchers to be fairly academic in nature and not a significant risk to users," a company spokesperson told V3.

"Google Web History and our Web Search suggestion service are served over HTTPS, and we have encrypted the back-end server requests associated with the suggestion service as well."