FaceNiff is a new Android App that makes it literally effortless to log into someone else’s Facebook account, if that person is on the same Wi-Fi network. Yes, any Wi-Fi network.
This application works by capturing all the packets that are sent back and forth inside the network. While the application itself won’t break into Facebook, it will wait for a legitimate user to log in, then it will intercept the data and display the user’s login ID. By simply clicking on it, an ill-intentioned user would be able to log in and take over the account. In addition to Facebook, this application supports Twitter, YouTube, Amazon and Nasza-Klasa, a Polish micro-blogging platform.
This app is an elaborate form of packet sniffer, a program that intercepts data that’s sent back and forth inside a network. There are many packet sniffers available online for free, such as Wireshark, a full-fledged Windows application, and more recently Firesheep, a Firefox add-on. The main difference between FaceNiff and other packet sniffers is the program’s ease of use: while most packet sniffers capture every single packet that is sent or received inside the network unless they’re configured otherwise, FaceNiff was designed specifically for collecting login data. That makes this app a lot more idiot-proof, and therefore more widespread.
There are ways you can protect yourself from these attacks. The most obvious way would be to use HTTPS on public networks, as opposed to HTTP. Services like Gmail, and yes, Facebook, have a setting that allows users to log in with HTTPS. You can also get a free VPN, such as Hotspot Shield, which will automatically encrypt all the data that’s sent from your computer. Both of those measures will shield sensitive data from prying eyes and yes, packet sniffers. If you’re a regular user of public Wi-Fi, stay on the lookout and make sure you’re safe.
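To make the HTTPS advice concrete from the site side, here is an added example (not code from FaceNiff or from any of the services named above) that audits response headers for settings that leave a login session readable on a shared network. It assumes the captured login data is a session cookie; the function names and the sample responses are constructed for illustration.

```python
"""Audit HTTP response headers for settings that expose a login session
on shared Wi-Fi. All sample responses below are constructed."""

def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, keeping repeats."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(scheme, raw):
    """Return a list of findings for one response fetched over `scheme`."""
    findings = []
    headers = parse_headers(raw)
    if scheme != "https":
        findings.append("page served over plain HTTP")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attribute names after the first ';' (Path, Secure, HttpOnly, ...)
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: also sent over HTTP")
    has_hsts = any(n == "strict-transport-security" for n, _ in headers)
    if scheme == "https" and not has_hsts:
        findings.append("no Strict-Transport-Security: browser may fall back to HTTP")
    return findings

# Constructed sample responses (not captured from any real site).
HTTP_LOGIN = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=constructed123; Path=/
"""
HTTPS_WEAK = """HTTP/1.1 200 OK
Set-Cookie: session=constructed123; Path=/; HttpOnly
"""
HTTPS_HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
Set-Cookie: session=constructed123; Path=/; Secure; HttpOnly
"""

if __name__ == "__main__":
    for label, scheme, raw in [("http login", "http", HTTP_LOGIN),
                               ("https weak", "https", HTTPS_WEAK),
                               ("https hardened", "https", HTTPS_HARDENED)]:
        print(label, "->", audit_response(scheme, raw) or "no findings")
```

The middle case is the one to watch for: the login page is on HTTPS, but a cookie without `Secure` still travels in the clear on any later HTTP request.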
In order to use this application, the phone needs to be rooted, which should be fairly effortless for most people. Once that’s done, you can get the application from this website. The developer stresses that this app was made "for educational purposes only", and let’s keep it that way. If you don’t know how to be a responsible individual, you most likely shouldn’t be allowed anywhere near a phone to begin with.