
June 9, 2011

Hack Facebook and Twitter Accounts in seconds with FaceNiff


In October 2010, a small application called Firesheep had Internet users quivering in fear that their social accounts could be hacked instantly, with a small Firefox extension able to hijack Facebook, Twitter, Flickr and Amazon.com sessions whilst they were connected to unsecured WiFi.

Because Firesheep required a desktop computer to steal a user's cookies and authenticate as any user browsing on the same wireless network, the potential for attacks was rather limited. However, an enterprising developer has taken the same concept and shoehorned the technology into an Android application called FaceNiff, providing a user with the ability to take over Facebook, Twitter and YouTube accounts simply by joining a network and running the app.

FaceNiff requires a rooted Android handset, which is a barrier for a few but, with a wealth of information on the Internet, easily achieved by many. Securing a network doesn’t seem to help either, as the application can snoop information on WEP, WPA and WPA2 WiFi networks.

The application reinforces the need for all social networks to employ SSL encryption on their services, which would stop tools like FaceNiff from hijacking accounts in seconds. Both Facebook and Twitter have such an option embedded within their settings, but many users are unaware of it.
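As an added example (not from the original article and not FaceNiff's code), this Python check audits a response's headers for the condition that session-sniffing tools depend on: a login cookie that is allowed to travel over unencrypted HTTP. The function names, the cookie name `session_id` and the sample headers are constructed for illustration.

```python
"""Audit response headers for login cookies exposed to network sniffing."""

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def audit_response(scheme, headers, session_names):
    """Return sorted (item, issue) findings for one response.

    scheme: "http" or "https", the scheme the response was fetched over.
    headers: list of (header name, value) tuples.
    session_names: cookie names the application treats as login sessions.
    """
    findings = set()
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in session_names:
            continue  # preference cookies etc. do not grant account access
        if scheme != "https":
            findings.add((name, "set over cleartext HTTP"))
        if "secure" not in attrs:
            # Without Secure the browser also sends it on plain-HTTP requests.
            findings.add((name, "missing Secure attribute"))
    if scheme == "https" and not has_hsts:
        # Without HSTS a browser may still contact the site over HTTP first.
        findings.add(("Strict-Transport-Security", "header absent"))
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
HTTP_LOGIN = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
              ("Set-Cookie", "lang=en; Path=/")]
HTTPS_OPT_IN = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, scheme, hdrs in [("http login", "http", HTTP_LOGIN),
                                ("https opt-in", "https", HTTPS_OPT_IN),
                                ("hardened", "https", HARDENED)]:
        print(label, audit_response(scheme, hdrs, {"session_id"}))
```

The middle case models a site where HTTPS is available but the session cookie is not restricted to it, which leaves the cookie readable whenever the browser makes a plain-HTTP request.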

The app is meant to be a proof of concept and only used for educational purposes but has been confirmed to work on HTC Desire CM7, Original Droid/Milestone CM7, Sony Ericsson Xperia X10, Samsung Galaxy S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black and LG Optimus 3D.

The APK file is limited so that it can only be used to hijack three social profiles; developer Bartosz Ponurkiewicz says that users can donate via PayPal for an unlocked version of the application.

To help protect your social networking profiles and assist you in securing your accounts, you can click here for information on how to encrypt your Facebook traffic and here for information on how to secure your Twitter account.

4 Responses to “Hack Facebook and Twitter Accounts in seconds with FaceNiff”

Computer Repair Ventura said...
June 9, 2011 at 7:04 PM

This is the main reason why you shouldn't use your email address and password for all of your accounts. Facebook and Twitter are coming out with new ways of security, which are helpful, but make sure to constantly change your passwords.


Conveyor Systems Integrator said...
June 13, 2011 at 8:14 PM

Do you know if FaceNiff is compatible with BlackBerrys? Do you know why companies even allow these hacking apps to be accessed?


Dematic Conveyor said...
June 30, 2011 at 11:53 PM

I like to keep my passwords different for each account. Does this make it easier for hackers? I'm interested in trying this out and testing it on myself.


dfgdfg said...
July 7, 2011 at 3:18 PM

@Conveyor, FaceNiff is only compatible with Android phones, it's an Android app, and the best way to secure your account is to use combinations of symbols, letters and numbers as your password and make sure it means something
(P1r#C& - means prince)

