Search By Topic:

Popular Topics:



News & Features | Jun 10th, 2011

FaceNiff Brings the Security Risks of Firesheep to the Mobile World: The Social Media Privacy Report  

Jillian Ryan

Last October privacy and security technology experts were buzzing about the launch of Firesheep, a Firefox extension that gave hackers the ability to easily hijack unencrypted Facebook, Twitter, and even Amazon credentials from other users on the same wifi network. The same individuals who were concerned about Firesheep are probably just as scared about FaceNiff, an Android application that launched last week from Polish developer Bartosz Ponurkiewicz.

Security researcher 'Ms. Smith' on NetworkWorld, calls the app a “wicked mobile cousin of Firesheep.” With a rooted Android phone, a user can run FaceNiff to sniff and intercept web session profiles over wifi connections to hijack credentials from Facebook, Twitter, YouTube and other services.

Now a hacker doesn’t even have to go through the hassle of opening a laptop, as was required with Firesheep; he can simply use his mobile device. Using the application is as straightforward as sending a text message from your Android phone. Check out this video to see the app in action.

So not only does FaceNiff bring the security implications of Firesheep to the more accessible mobile sphere, but it also goes one step further.  With Firesheep, if a user is on a password-protected WEP, WPA or WPA2 secured WiFi network, he cannot be hijacked. But with FaceNiff it doesn’t matter; all networks – secured or unsecured – are vulnerable to attack.

Protect Yourself From FaceNiff

Many technology and security experts are concerned and strongly encourage users to connect to WiFi networks with caution. Rosa Golijan from MSNBC’s GadgetBox asks her readers, “Do you trust whoever set up the network you're logging on to? Do you even know who runs it? Think twice about using free public networks.”

But if you find yourself on a network and you doubt its security, Mashable recommends using HTTPS for an extra level of protection.  However, as PRIVATE WiFi™ has reported in the past, while HTTPS is better than HTTP it is still vulnerable to man-in-the-middle attacks.

Thus, we recommend, just as Mobile Magazine, to protect yourself with a Virtual Private Network (VPN) like PRIVATE WiFi to encrypt your online traffic. That makes your logins and your Internet communication  invisible to sidejackers and hackers, even when using vulnerable websites. If the user in the above video would have been running PRIVATE WiFi on his computer, FaceNiff would have never detected him!

Does the idea of FaceNiff being able to hijack your log-in credentials leave you feeling vulnerable? Would you download PRIVATE WiFi to guarantee your privacy and security on the internet?

Associated Topics:

Associated Topics:


Related Posts

Avira Offers PRIVATE WiFi’s VPN As Part of New Bundle

News & Features
Jared Howe | May 14th, 2015

Germany-based security company, Avira, just announced the release of a new bundled product which includes both their Antivirus Pro and PRIVATE WiFi.  This bundle protects users from both malware infection and data theft. Read More

Online Dating and Pubic WiFi: How Secure Is It?

Thought Leadership
Nikki Junker | May 5th, 2015

You never want to share sensitive information like online banking accounts or credit card portals over unsecured public web connections, but the truth is online dating profiles can often contain just as much data as either of those. In fact, your online dating profile—if falling into the hands of a hacker—can cause far more personal safety problems than your banking data. After all, with online banking a thief just gains access to your checking account; with online dating data, a criminal could gain access to your home address, your workplace, any children’s or family members’ names, and more. Read More

Tips to Protect Your Digital Identity

Thought Leadership
Nikki Junker | Apr 29th, 2015

Within the last decade, our senses of self and identity have made a major shift.  Whether we’ve noticed it or not, the items that used to define our identities have gone from hard copy items, such as birth certificates and Social Security cards, to online banking passwords, Facebook logins, and mobile wallets stored in our smartphones.  While we still need to safeguard and protect those hard copy documents, we also have to focus on our digital identities. Read More

Why I Started Private Communications Corporation

Thought Leadership
Kent Lawson | Apr 28th, 2015

Kent Lawson, Founder and CEO of Private WiFi, talks about what inspired him to start the company. This is the first in a series of weekly CEO blog posts on this and other topics. Read More


Thank you for subscribing to our newsletters

Your email has been added to our system. You will be e-mailed shortly with a request to confirm your membership. Please make sure to click the link in that message to confirm your subscription.