Friday, June 3, 2011

FaceNiff - portable Android cousin of FireSheep

FaceNiff Android App Allows the Clueless to Hack Facebook in Seconds Over Wi-Fi

FaceNiff allows even n00bs to hack Facebook over Wi-Fi networks. It works on rooted Android devices. Besides Facebook, it also lets users sniff Twitter, YouTube and Amazon. Unlike its older cousin FireSheep, the FaceNiff app listens in on wireless networks encrypted with WPA and WPA2. All that is needed is one tap, and within seconds users can hijack supported account types.

Not that you intend to try out FaceNiff, but you can't hijack more
than three profiles. However, FaceNiff app developer Bartosz
Ponurkiewicz says more sites for hopping onto user accounts will soon be
supported. He noted that if you want to hijack more than three profiles
with FaceNiff, there will be an option to pay and unlock the code.

FaceNiff has been confirmed to work on these rooted mobile phones: HTC
Desire CM7, original Droid/Milestone CM7, SE Xperia X10, Samsung Galaxy
S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black (original ROM),
LG Optimus 3D (original ROM), and Samsung Infuse.

This app is extremely portable because it runs on Android phones, and it
presents a clear attack vector because it is not limited to public wireless
networks. Depending on how you manage your wireless network at home,
someone could park outside or walk by your house and FaceNiff you.

This one-tap-wonder app again underscores the importance of using
HTTPS. If you have not done so, you can tweak your Facebook and Twitter
settings to always enable HTTPS. Or use the EFF's Firefox add-on HTTPS Everywhere, or another add-on of your choosing, to force SSL. HTTPS is your friend. It is way past time to start applying major public pressure to force sites to use HTTPS.
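
For site operators, the same point can be checked on the server side. The following is an added example, not part of the original post: a small audit of one HTTP response that flags session cookies a Firesheep-style sniffer could read off the wire. The host name, cookie names and sample responses are constructed, and the check on the Strict-Transport-Security header is an assumption about what "always HTTPS" should look like from the server.

```python
# Added example: audit one HTTP response for cookies that can leak over
# plain HTTP. All sample data below is constructed for illustration.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, lower-cased attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, 0 if absent."""
    for directive in (value or "").split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip('"')
            return int(val) if val.isdigit() else 0
    return 0

def audit_response(url, headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append("plain-http: response itself is readable on the network")
    hsts = None
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {cookie!r}: no Secure flag, sent on http:// too")
        elif name.lower() == "strict-transport-security":
            hsts = value
    if https and hsts_max_age(hsts) <= 0:
        findings.append("no-hsts: browser may still make the first request over HTTP")
    return findings

# Constructed responses: a weak login reply and a hardened one.
WEAK = ("https://social.example/login",
        [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARDENED = ("https://social.example/login",
            [("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
             ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")])

if __name__ == "__main__":
    for label, (url, hdrs) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(url, hdrs) or "ok")
```

A cookie without the Secure flag is attached to any plain-HTTP request to the same host, so an HTTPS login page alone does not keep the session off the air.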