In October 2010, a small application called Firesheep made Internet users to tremble with fear for their own accounts in social networks, that can be instantly broken by a small extension to Firefox, is able to intercept the session, Facebook, Twitter, Flickr, and Amazon.com during connection establishment over insecure wi-fi network.
Firesheep requires a computer on the same wireless network to steal custom cookies, and authentication with them, so that the potential of committing attacks rather limited. However, an enterprising developer took advantage of the same concept and technology is integrated into an application called Android FaceNiff by providing the user opportunity to seize accounts Facebook, Twitter and YouTube simply connecting to network with your smartphone and run the application.
FaceNiff requires a phone with Android Root access. Protecting the network, probably does not help, because the application can steal information in WEP, WPA and WPA2 Wi-Fi networks.
Applications increases the need for all social networking sites use SSL encryption on all devices to prevent the activities of such programs, as FaceNiff. Facebook and Twitter have this option in the settings, but many users about it just do not know.
Application is considered as an experimental version and is used only for educational purposes, but it was confirmed that it works on HTC Desire CM7, Droid / Milestone CM7, Sony Ericsson Xperia X10, Samsung Galaxy S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black and LG Optimus 3D.
APK file is limited, so that it can be used to capture Only 3 profiles on social networks. Despite this, the developer Bartosz Ponurkiewicz says that users can deposit money through PayPal to get an unlocked version of the application.