A new app allows Android-based smartphones to hack into the Facebook or Twitter accounts of other users using the same Wifi network.
FaceNiff gives hackers access to a user’s contact details, as well as those of all their friends – a phisher’s dream. Developed by Polish computer science student Bartosz Ponurkiewicz, it needs to be loaded onto a jail-broken Android device.
“It’s kind of like Firesheep for Android. Maybe a bit easier to use (and it works on WPA2!),” he says.
Ponurkiewicz claims that it works not only on open networks, but also on those secured by the WEP, WPA-PSK and WPA2-PSK network protocols – although not those accessed via https. This is of course an option on Facebook and Twitter, but is not activated automatically.
And it can be used to access the personal information of users of Facebook, Twitter, YouTube and Amazon. Ponurkiewicz says his free version gives access to three hacked profiles, but that he’ll sell the unlock code for more through PayPal.
He does add a little disclaimer on the site: “Legal notice: this application is for educational purposes only. Do not try to use it if it’s not legal in your country.” Hmm.