So That’s How My Girlfriend Hacked My Facebook: She Probably Used an Android App like FaceNiff [Video]
Jun 2, 2011 1:17 PM
FaceNiff is an Android app for rooted devices that can sniff out and hijack Facebook and Twitter sessions with one click when it is on the same Wi-Fi network as an unsuspecting user! 😯 😀 😡 The title came from one of my buddies, whose girlfriend is always able to get into his Facebook account. He hasn’t the slightest clue how, even after he changes his password; in that case it’s probably a browser extension.
The app works in the same fashion as the Firefox extension FireSheep, through a method known as cookie-jacking: it sniffs out and copies the security tokens that identify you to a site. From the vid below you can see how someone with malicious intent could connect their rooted Android device to the same Wi-Fi network you’re on, press one button, wait for you to be the chatty Cathy you are by going on Facebook, Twitter, YouTube, etc., get your token ID and use your account as if they were you.
How to Protect Yourself from FaceNiff, FireSheep or other Social Media Sniffing Hacks?
Be vigilant, meaning don’t be so eager to jump on the free Wi-Fi. If you do, please ensure every page you visit has HTTPS in the web address.
The best route is to use the advice below to force your Facebook and Twitter accounts to connect over HTTPS sessions:
- Go to Account in the top right corner of your Facebook page.
- From the Account drop-down menu choose Account Settings.
- This will bring you to My Account.
- Scroll down and click on Account Security.
- Under Secure Browsing (https), click inside both of the following boxes:
  - Browse Facebook on a secure connection (https) whenever possible
  - When a new computer or mobile device logs into this account, send me an email. (This will alert you if someone unknown has accessed your account.)
Tip via LifeHacker
To turn on HTTPS, go to your settings and check the box next to “Always use HTTPS,” which is at the bottom of the page. This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity. In the future, [Twitter hopes] to make HTTPS the default setting.
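Why the HTTPS settings above matter, as an added example that is not part of the original post: a browser keeps a login cookie off plain-HTTP requests only when the site marks it `Secure`, and it only forces HTTPS by itself when the site sends a `Strict-Transport-Security` header. The Python check below audits response headers for both; the header values, cookie names and the `SESSION_MARKERS` heuristic are constructed assumptions, not data from Facebook or Twitter.

```python
# Constructed sample headers (not captured from any real site).
SAMPLE_WEAK = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
SAMPLE_HARDENED = [
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

# Assumption: cookie names containing these markers carry login state.
SESSION_MARKERS = ("sess", "auth", "token", "sid")


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def hsts_max_age(value):
    """Return the max-age of an HSTS header value, or 0 if absent/invalid."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip('"'))
            except ValueError:
                return 0
    return 0


def audit(headers):
    """Return (session cookies lacking Secure, whether HSTS is enabled)."""
    exposed, hsts = [], False
    for name, value in headers:
        key = name.lower()
        if key == "strict-transport-security":
            hsts = hsts_max_age(value) > 0
        elif key == "set-cookie":
            cname, attrs = parse_set_cookie(value)
            is_session = any(m in cname.lower() for m in SESSION_MARKERS)
            # Without Secure, the cookie is also sent over plain HTTP,
            # where anyone on the same Wi-Fi network can read it.
            if is_session and "secure" not in attrs:
                exposed.append(cname)
    return exposed, hsts


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(sample))
```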
[Source FaceNiff via Engadget via Gadgetbox]
Tags: Android Apps, App to Hijack Facebook and Twitter Sessions, Cookie Jacking, How to Secure Facebook Apps, How to Secure Facebook Session, How to Secure Twitter Apps, How to Secure Twitter Session
Categorised in: Apps Blog, Featured, News