Android app brings cookie stealing to unwashed masses

IvanV · Jun 4, 2011, 01:00 PM

A developer has released an app for Android handsets that brings website credential stealing over smartphones into the script kiddie realm.

FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication tokens sent over Facebook, Twitter, and other popular websites when users don't bother to use encrypted SSL, or secure sockets layer, connections. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker's device. An attacker would have to know the security password, however.
_______________
Source: The Register

Jun 4, 2011, 01:00 PM	#1
IvanV HH Assassin Guild Member Join Date: Dec 2004 Posts: 5,919 Rep Power: 336 System Specs	Android app brings cookie stealing to unwashed masses A developer has released an app for Android handsets that brings website credential stealing over smartphones into the script kiddie realm. FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication tokens sent over Facebook, Twitter, and other popular websites when users don't bother to use encrypted SSL, or secure sockets layer, connections. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker's device. An attacker would have to know the security password, however. _______________ Source: The Register __________________ If anyone has Portal 2 and hasn't played the co-op and wants to do me a favour, let me know (PM me or whatever).