Thursday, 15 September 2011

Faceniff - sniffing Facebook accounts with Android Phones

I've been meaning to have a look at 'Faceniff' for a while. I came across a good video today which demonstrates it (and has some nice music). It is basically Firesheep for Android.

I'll let the video do the talking, but my advice to people is to go to Facebook, select "Account" (at the top right of the page), choose "Account Settings", and then go over to the left and choose "Security". Go over to "Secure browsing" and choose the option for "Browse Facebook on a secure connection (https) whenever possible". This blocks the Faceniff attack. Google made this the default setting for Gmail a long time ago.

There are plenty of other threats out there when connecting to WiFi access points, so try to be safe.
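Firesheep-style tools read session cookies from unencrypted HTTP traffic on a shared network, so the same check can be run from the defender's side on any site's responses. The sketch below is an added example, not part of the original post: the function name, the host `social.example.test`, the cookie name and all sample responses are constructed for illustration.

```python
# Added example (not from the original post). All sample data is constructed.
from http.cookies import SimpleCookie


def audit_response(url, status, headers):
    """Return findings for one HTTP response.

    headers is a list of (name, value) tuples, because Set-Cookie may repeat.
    """
    findings = []
    https = url.lower().startswith("https://")
    names = [name.lower() for name, _ in headers]

    if not https:
        location = next((v for k, v in headers if k.lower() == "location"), "")
        redirected = 300 <= status < 400 and location.lower().startswith("https://")
        if not redirected:
            findings.append("plain HTTP response with no redirect to HTTPS")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = SimpleCookie()
        cookie.load(value)
        for key, morsel in cookie.items():
            # Without Secure the browser also sends the cookie over http://
            if not morsel["secure"]:
                findings.append(f"cookie {key} lacks the Secure attribute")

    if https and "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header")
    return findings


# Constructed responses for a hypothetical site, served three ways.
URL = "social.example.test/home"
WEAK_COOKIE = ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")
SAFE_COOKIE = ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")
SAMPLES = {
    "http": ("http://" + URL, 200, [WEAK_COOKIE]),
    "https_opt_in": ("https://" + URL, 200, [WEAK_COOKIE]),
    "https_default": ("https://" + URL, 200,
                      [SAFE_COOKIE, ("Strict-Transport-Security", "max-age=31536000")]),
}

if __name__ == "__main__":
    for label, (url, status, headers) in SAMPLES.items():
        print(label, audit_response(url, status, headers) or "ok")
```

The middle sample shows why an opt-in HTTPS setting is weaker than a default: the page arrived over HTTPS, but a session cookie without `Secure` still goes out in the clear on any later `http://` request.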


  1. Ironically, this doesn't work when you are accessing Facebook over your mobile phone browser at You don't have access to the security setting from the settings menu and you also are not automatically redirected to the secure site when that setting has already been set up on your account. The best bet for those looking to use the mobile web version of Facebook and protect against Firesheep and the like is to make sure they bookmark .

  2. Just to be clear, this would have no success whatsoever over anyone using an SSL encrypted connection, correct me if I am wrong? Further, I do believe that Facebook either defaults to use SSL? I cannot understand how they could do this simple packet sniffing over an SSL encrypted connection, if they can, then I am worried about a whole lot more than just my Facebook account.
    tl;dr unencrypted connections are unencrypted, and can be monitored.

  3. Great! I learned a lot from it. Thanks.

  4. Wow, Android is the future. The only thing that delays more cool stuff is the developers' programming skills.

    I hope to see lots more stuff using Android, for example, wifi password hacking on Android

  5. Believe it or not, true-to-form hack. I'm not anti-Facebook...but I couldn't eat a whole one. First the government deny us our rights with their tyrannical laws and now the commentators are trying to enforce them.
    Facebook password hack

