A new Android application has been created that enables users to easily hijack user accounts on either Facebook, YouTube, or Twitter over Wi-Fi networks, similar to the Firesheep Firefox extension.
The new Android FaceNiff app lets users sniff and intercept web session profiles over Wi-Fi networks, and potentially steal other users’ credentials. Watch how easily the process is in the demo video after the jump.
The FaceNiff application has been developed by a programmer who compares his creation to Firesheep and developed the application for educational purposes only.
“It’s kind of like Firesheep for (Android). Maybe a bit easier to use (and it works on WPA2!),”
How FaceNiff Works
FaceNiff operates by intercepting web session profiles over Wi-Fi networks. When a user logs into their Facebook, YouTube, or Twitter account over an unsecured Wi-Fi network, FaceNiff can capture the session cookies. These cookies contain the information needed to authenticate the user without requiring their password. Essentially, FaceNiff can hijack the session and gain access to the user’s account as if it were the legitimate user.
The app is particularly concerning because it works on WPA2 encrypted networks, which are generally considered secure. This means that even users who believe they are protected by using a password-protected Wi-Fi network could still be vulnerable to attacks from FaceNiff.
Protecting Yourself from FaceNiff
The way to make sure you are protected from FaceNiff is to use SSL (secure sockets layer) when connecting to your accounts. SSL encrypts the data transmitted between your device and the server, making it much more difficult for FaceNiff to intercept and read the session cookies. Most major websites, including Facebook, YouTube, and Twitter, offer SSL encryption, which can usually be identified by the “https://” prefix in the URL.
Additionally, users can take further steps to protect themselves by using a Virtual Private Network (VPN). A VPN creates a secure tunnel for your internet traffic, encrypting all data transmitted between your device and the VPN server. This adds an extra layer of security, making it even more challenging for tools like FaceNiff to intercept your data.
Another practical measure is to avoid using public Wi-Fi networks for accessing sensitive accounts. Public Wi-Fi networks are often unsecured, making them prime targets for hackers using tools like FaceNiff. If you must use public Wi-Fi, consider using a VPN or only accessing websites that offer SSL encryption.
It’s also important to keep your device’s software up to date. Security patches and updates are regularly released to address vulnerabilities that could be exploited by hackers. By keeping your device updated, you can help protect yourself from known security threats.
In conclusion, while FaceNiff is a powerful tool that highlights the vulnerabilities of Wi-Fi networks, users can take several steps to protect themselves. By using SSL encryption, VPNs, avoiding public Wi-Fi for sensitive transactions, and keeping their devices updated, users can significantly reduce the risk of their accounts being hijacked by tools like FaceNiff.
Source: Gizmodo
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.