
FaceNiff Is a Hacker's Dream for Android Users

Firesheep has gone mobile, this time on Android phones.

June 2, 2011

Firesheep has gone mobile. For those who may not remember, Firesheep is a Firefox extension, released in October of last year, that lets its user access social network accounts logged in on the same network. Developer Bartosz Ponurkiewicz adapted the Firesheep concept for Android.

The only prerequisite for FaceNiff is a rooted Android phone. Once installed, the app will tear through the Wi-Fi network for any accounts that are logged in. Protected networks aren't safe from this, as FaceNiff can access WEP, WPA, and WPA2 Wi-Fi networks.

The developer put a disclaimer at the top of the FaceNiff site. "Legal notice: this application is for educational purposes only. Do not try to use it if it's not legal in your country."

With all of the rooting how-to guides available, it's fairly simple for a user to root an Android phone. In theory, all Android users could use this app, and while the legal disclaimer may be up on the site, it does not guarantee that education will be the reason the app is used.

The free version of this APK provides access to three hacked profiles. The site notes that wider access can be purchased through PayPal.

FaceNiff cannot, however, access accounts that use https browsing, which encrypts information for a more secure browsing session. Facebook is not automatically on https. Users must enable it manually, and Twitter also requires users to manually activate it. Perhaps with the wider availability of an app like FaceNiff, https browsing will become standard.

Google made SSL, an encryption protocol for communication security, standard for Gmail following the advent of Firesheep. At the time, in November 2010, Facebook and Twitter lacked SSL authentication.

FaceNiff is much more flexible than Firesheep, as the latter requires a computer. Nearly anything is accessible to FaceNiff users, provided they can get access to protected networks.

Be sure to enable https browsing if you haven't already.

For more from Julius, follow him on Twitter @jcmodus.