Thursday, 15 September 2011

Faceniff - sniffing Facebook accounts with Android Phones

I've been meaning to have a look at 'Faceniff' for a while. I came across a good video today which demonstrates it (and has some nice music). It is basically Firesheep for Android. I'll let the video do the talking, but my advice to people is to go to Facebook, select "Account" (at the top right of the page), choose "Account Settings" and then go over to the left and choose "Security". Go over to "Secure browsing" and choose the option for "Browse Facebook on a secure connection (https) whenever possible". This blocks the Faceniff attack. Google changed this to be a default setting a long time ago with gmail. There are plenty of other threats out there when connecting to WiFi access points, so try and be safe.


13 comments:

  1. Ironically, this doesn't work when you are accessing Facebook over your mobile phone browser at m.facebook.com. You don't have access to the security setting from the settings menu and you also are not automatically redirected to the secure site when that setting has already been set up on your account. The best bet for those looking to use the mobile web version of Facebook and protect against Firesheep and the like is to make sure they bookmark https://m.facebook.com .

    ReplyDelete
  2. Just to be clear, this would have no success whatsoever over anyone using an SSL encrypted connection, correct me if I am wrong? Further, I do believe that Facebook either defaults to use SSL? I cannot understand how they could do this simple packet sniffing over an SSL encrypted connection, if they can, then I am worried about a whole lot more than just my Facebook account.
    tl;dr unencrypted connections are unencrypted, and can be monitored.

    ReplyDelete
  3. Great! I learned a lot from it. Thanks.

    ReplyDelete
  4. Wow Android is the future, the only thing that delay more cool stuff is the developers programming skills.

    I hope to see lots of more stuff using android , for example, wifi password hacking on android

    ReplyDelete
  5. Believe it or not, true-to-form hack. I'm not anti-Facebook...but I couldn't eat a whole one. First the government deny us our rights with their tyrannical laws and now the commentators are trying to enforce them.
    Facebook password hack

    ReplyDelete
  6. Get this blog if you are interested in such topics and want to read even more from this sphere of science.

    ReplyDelete
  7. Yes! You must have researched for something in real life to boot. Be it your girl-friend or buying any property.
    showboxdownloadsapp.com

    ReplyDelete
  8. Informative and interesting which we share with you so i think so it is very useful and knowledgeable. I would like to thank you for the efforts. click to read

    ReplyDelete
  9. We expect that the new LG V30 will be a super success when it launches at the upcoming global event. With the other Smartphone manufacturers going all in to find the proverbial Pandora’s Box when it comes to customer satisfaction, we have developed a wishlist of the features which the LG will supposedly carry. We can also predict that the MWC 2017 will not be the LG V30 showcase after all, as mentioned here.

    ReplyDelete
  10. This is interesting! But you know, I would better install this wonderful whatsapp hack https://mxspy.com/whatsapp-hack/ on your phone and spy anybody you.

    ReplyDelete
  11. iOS (previously iphone OS) was unveiled in 2007 developed by Apple Inc. and is now dominating the IT market at a very fast rate. Not only in mobile phones, but also other products such as iPad Mini and iPod Touch are the major products of Apple.
    more info

    ReplyDelete
  12. Thank you a bunch for sharing this with all of us you actually realize what you are talking about! Bookmarked. Please also seek advice from my site =). We could have a hyperlink change contract between us! apk

    ReplyDelete