How To Hack Someone's Facebook With Your Android

Firesheep caused quite a stir when it was released last October, giving both hackers and non-hackers instant access to people's account information when on a public Wi-Fi connection.
When logged into an insecure website on the same network as someone with Firesheep, you're giving them access to the cookies that keep you logged in. This is called session hijacking, and grants them easy access to your accounts, like Facebook, Flickr and Twitter. Now, there's an even easier way to do this—a mobile way.

(Spencer E Holtaway)

A recent Android application called FaceNiff can hijack unencrypted login credentials from users on the same Wi-Fi network. But here's the kicker: It also works on networks encrypted with WEP, WPA or WPA2 protection. In order to use FaceNiff, your Android smartphone must first be rooted (here's a list of devices confirmed to work). Right now, FaceNiff works with Amazon, Facebook, Twitter, YouTube and Nasza-Klasa, but more are sure to follow. A video with it in action is below.
And now check out the video below for instructions on installing the FaceNiff application on your rooted Android device, then using it to hijack Facebook accounts. Apparently, the APK only works on three accounts at a time. For unlimited access, you have to buy the application via PayPal.
The FaceNiff website does state this app as being "for educational purposes only," but it's highly doubtful that was the intention.

Android app makes hacking Facebook easy

A new app allows Android-based smartphones to hack into the Facebook or Twitter accounts of other users using the same Wifi network.

FaceNiff gives hackers access to a user's contact details, as well as those of all their friends - a phisher's dream. Developed by Polish computer science student Bartosz Ponurkiewicz, it needs to be loaded onto a jail-broken Android device.
"It's kind of like Firesheep for Android. Maybe a bit easier to use (and it works on WPA2!)," he says.
Ponurkiewicz claims that it works not only on open networks, but also on those secured by the WEP, WPA-PSK and WPA2-PSK network protocols - although not those accessed via https. This is of course an option on Facebook and Twitter, but is not activated automatically.

And it can be used to access the personal information of users of Facebook, Twitter, YouTube and Amazon. Ponurkiewicz says his free version gives access to three hacked profiles, but that he'll sell the unlock code for more through PayPal.
He does add a little disclaimer on the site: "Legal notice: this application is for educational purposes only. Do not try to use it if it's not legal in your country." Hmm.