In October 2010, a small applicationcalled Firesheephad Internet users quivering in fear that their social accounts could be hacked instantly, with a small Firefox extension able to hijack Facebook, Twitter, and Flickr and Amazon.com sessions whist they were connected to unsecured wifi.
With Firesheep requiring a desktop computer to steal a users cookies and authenticate them as any user browsing on the same wireless network, the potential for attacks was rather limited. However, an enterprising developer has taken the same concept and shoehorned the technology into an Android application calledFaceNiff, providing a user with the ability to take over Facebook, Twitter and YouTube accounts simply by joining a network and running the app.
FaceNiff requires a rooted Android handset, a barrier for a few but with a wealth of information on the Internet, easily achieved by many. Securing a network doesn’t seem to help either, as the application can snoop information on WEP, WPA and WPA2 WiFi networks.
The application reinforces the need for all social networks to employ SSL encryption on their services, stopping tools like FaceNiff from working in seconds. Both Facebook and Twitter have such an option embedded within the settings but many users are unaware of the option.
Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.
Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!
The app is meant to be a proof of concept and only used for educational purposes but has been confirmed to work on HTC Desire CM7, Original Droid/Milestone CM7, Sony Ericsson Xperia X10, Samsung Galaxy S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black and LG Optimus 3D.
The APK file is limited so it can only be used to hijack 3 social profiles. Despite this, developer Bartosz Ponurkiewicz says that users can donate via PayPal for an unlocked version of the application.
To help protect your social networking profiles and assist you in securing your accounts, you canclick herefor information on how to encrypt your Facebook traffic andherefor information on how to secure your Twitter account.
Story byMatt Brian
Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him(show all)Matt is the former News Editor for The Next Web. You can follow him onTwitter, subscribe to his updates onFacebookand catch up with him onGoogle+.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
