Faceniff – sniffing Facebook accounts with Android Phones

I’ve been meaning to have a look at ‘Faceniff’ for a while. I came across a good video today which demonstrates it (and has some nice music). It is basically Firesheep for Android. I’ll let the video do the talking, but my advice to people is to go to Facebook, select “Account” (at the top right of the page), choose “Account Settings” and then go over to the left and choose “Security”. Go to “Secure browsing” and choose the option for “Browse Facebook on a secure connection (https) whenever possible”. This blocks the Faceniff attack. Google made this the default setting for Gmail a long time ago. There are plenty of other threats out there when connecting to WiFi access points, so try to stay safe.
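For site operators, the same protection can be checked from the server side. The sketch below is an added example, not part of the original post or of any tool it mentions: it audits a response for the conditions that leave a session readable on shared WiFi, on the understanding that Firesheep-style tools read session cookies sent over unencrypted HTTP. The host name, cookie name and sample responses are constructed, and the function names are hypothetical.

```python
# Added example: the sample responses below are constructed, not captured traffic.
def parse_headers(raw):
    """Split a raw header block into (status_code, [(lowercased_name, value), ...])."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit_response(scheme, raw):
    """Return findings that leave a session readable on a shared network."""
    status, headers = parse_headers(raw)
    findings = []
    location = next((v for n, v in headers if n == "location"), "")
    upgrades = status in (301, 302, 307, 308) and location.lower().startswith("https://")
    if scheme == "http" and not upgrades:
        findings.append("page served over plain HTTP with no redirect to HTTPS")
    if scheme == "https" and not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security header")
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        if "secure" not in attrs:  # cookie would also be sent over plain HTTP
            findings.append(f"cookie '{cookie_name}' lacks Secure")
    return findings

PLAIN = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=abc123; Path=/; HttpOnly
"""
HARDENED = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
Set-Cookie: session_id=abc123; Path=/; HttpOnly; Secure
"""
REDIRECT = """HTTP/1.1 301 Moved Permanently
Location: https://m.example.test/
"""

if __name__ == "__main__":
    for label, scheme, raw in [("plain", "http", PLAIN), ("redirect", "http", REDIRECT),
                               ("hardened", "https", HARDENED)]:
        print(label, audit_response(scheme, raw))
```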


5 thoughts on “Faceniff – sniffing Facebook accounts with Android Phones”

  1. Dan Appelquist September 15, 2011 / 4:12 pm

    Ironically, this doesn't work when you are accessing Facebook over your mobile phone browser at m.facebook.com. You don't have access to the security setting from the settings menu and you also are not automatically redirected to the secure site when that setting has already been set up on your account. The best bet for those looking to use the mobile web version of Facebook and protect against Firesheep and the like is to make sure they bookmark https://m.facebook.com .

  2. David Rogers September 15, 2011 / 5:52 pm

    Thanks Dan, great point!

  3. blackberry unlock code December 14, 2011 / 3:25 am

    Just to be clear, this would have no success whatsoever over anyone using an SSL encrypted connection, correct me if I am wrong? Further, I do believe that Facebook either defaults to use SSL? I cannot understand how they could do this simple packet sniffing over an SSL encrypted connection, if they can, then I am worried about a whole lot more than just my Facebook account. tl;dr unencrypted connections are unencrypted, and can be monitored.

  4. portable wireless router March 18, 2012 / 2:41 am

    Great! I learned a lot from it. Thanks.

  5. Unlock Blackberry May 4, 2012 / 3:12 pm

    Wow Android is the future, the only thing that delays more cool stuff is the developers' programming skills. I hope to see lots more stuff using Android, for example, wifi password hacking on Android
