FaceNiff enables an Android smartphone to detect unsecured Facebook or Twitter login
Facebook and Twitter users face a new security headache from an Android app that allows anyone to hack social media accounts at public WiFi spots.
The developer of the FaceNiff app mentioned on their website that the app is for educational purposes only, and urges users not to install it if it is illegal in their country.
FaceNiff enables an Android smartphone to detect any unsecured Facebook or Twitter login made on the same WiFi network by a desktop or laptop using a standard web browser.
The app is a major security risk as it allows hackers access to a user's private contact details and those of all their friends. Using the app, it would be possible for hackers to collect personal information needed for identity theft simply while having coffee at an internet cafe.
FaceNiff must be sideloaded onto an Android device that allows root or superuser access. While some users would not be capable of configuring "root user" access on their Android phones, many would, and a list of compatible phones is published on the developer's website.
The developer claims the app works not only on open networks, but also on WiFi networks secured with WEP, WPA-PSK and WPA2-PSK.
The developer's website states the app can be used to access Facebook, Twitter, YouTube, Amazon, and Nasza-Klasa, a Polish version of Facebook, with "new coming soon".
FaceNiff, however, is understood not to work if social media is accessed over the secure HTTPS protocol.
By default, Facebook and Twitter do not use HTTPS browsing; users have to activate it.