Android app can be used to hack Facebook

Move over, Firesheep. A new app allows smartphones running Google's Android operating system to hack into Facebook and other online services. The FaceNiff app lets users sniff and intercept web session profiles over Wi-Fi networks, and potentialy steal other users' credentials. "It's kind of like Firesheep for (Android). Maybe a bit easier to use (and it works on WPA2!)," developer Bartosz Ponurkiewicz said on his website. However, Ponurkiewicz said hijacking sessions is possible only when the network is not using the Extensible Authentication Protocol (EAP). Ponurkiewicz also said the application will not work if the targeted victim is using SSL (secure sockets layer). The phone where the app is to be used must also be rooted, he added. For now, he said the latest version of his app can hack into Twitter, YouTube, Amazon, and Nasza-Klasa. He also said the app is confirmed to work on specific smartphones such as:

• HTC Desire CM7
• Original Droid/Milestone CM7
• SE Xperia X10
• Samsung Galaxy S
• Nexus 1 CM7
• HTC HD2
• LG Swift 2X
• LG Optimus Black - original rom
• LG Optimus 3D - original rom
• Samsung Infuse

An article on tech site Mashable said the app may potentially be more dangerous than Firesheep, a Firefox extension that lets users hijack Facebook and Twitter sessions over Wi-Fi networks. Unlike Firesheep, FaceNiff works on Wi-Fi networks with WPA encryption. "While we’re not suggesting that any of our readers should use the app to hack someone’s account (it might even be illegal depending where you live), the sheer fact that such an app exists and is very easy to use means that you should be extra cautious when connecting to public Wi-Fi networks," the Mashable article said. It also suggested using secure hypertext transfer protocol (https), which offers a fair degree of protection against attacks such as those from FaceNiff and FireSheep. — TJD, GMA News