FaceNiff for Android Hijacks Facebook Sessions Over WiFi

Engadget reported on a free “research” Android app tool that can intercept web session profiles of computers on a WiFi network.

FaceNiff makes Facebook hacking a portable, one-tap affair (video)

An Android phone needs to be rooted (the Android equivalent of iPhone jailbreaking) in order to use the app. Once installed the app can hijack up to three profiles. A paid unlock code allows it to do more. It is not able to hijack a web session using SSL. However, determining when SSL is used is an interesting question. For example, as of seven months ago, the Facebook for iPhone app used SSL for the login proces but left session cookies unecrypted.

Does the Facebook iPhone app use SSL when logging you in?

You can find more information about FaceNiff at:

http://faceniff.ponury.net/

Related Stories
Mediabistro Course

Content Marketing 101

Content Marketing 101Almost 60% of businesses use some form of content marketing. Starting December 8, get hands-on content marketing training in our online boot camp! Through an interactive series of webcasts, content and marketing experts will teach you how to create, distribute, and measure the success of your brand's content! Sign-up before November 10 to get $50 OFF with early bird pricing. Register now!