Engadget reports that an Android app called FaceNiff makes hacking social media accounts laughably simple. It uses a technique called cookie-jacking, meaning that it sniffs out and copies the security token which identifies you to a site, and it functions just like the sneaky FireSheep Firefox extension which caused a security panic a few months ago.
As you can see in the video demonstration below, all that someone with malicious intent needs to do is install FaceNiff on a rooted Android device, connect to a Wi-Fi network, open the app, and wait for someone to log into Facebook, Twitter, YouTube, or another supported site. The instant that happens, the app will present access to the victim's account and allow the hacker to use it just as if he or she had logged into it personally.
So what exactly can you do to keep yourself safe? The same thing you did to protect yourself from FireSheep attacks: Watch out for shady Wi-Fi networks and use HTTPS.
Because FaceNiff works on both secured and unsecured Wi-Fi networks (WEP, WPA-PSK, and WPA2-PSK enabled networks are vulnerable as well), you really need to be careful. Do you trust whoever set up the network you're logging on to? Do you even know who runs it? Think twice about using free public networks.
Simple paranoia and vigilance aren't enough to keep you safe, though. You need to actually take some steps to secure your accounts and services.
We've got instructions on how to lock down your Facebook account with HTTPS here and a quick guide on protecting your Twitter account here. If you haven't already gone through those processes, do it now. It'll only take a few moments and half a dozen clicks, but it'll let you use a more secure version of each service.
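For site operators and testers, here is a small check (an added example, not code from Engadget or from either tool) of why HTTPS is the fix: it reports which cookies in a login response would cross the network in a form a listener on the same Wi-Fi could copy. The host name, cookie names and sample headers are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def sniffable_cookies(url, set_cookie_headers):
    """Return the names of cookies a passive listener on the network could read.

    A cookie counts as exposed when it was set over plain HTTP, or when it was
    set over HTTPS without the Secure attribute (the browser can then attach
    it to a later http:// request to the same host).
    """
    over_tls = urlsplit(url).scheme.lower() == "https"
    exposed = []
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        if not over_tls or "secure" not in attrs:
            exposed.append(name)
    return exposed


# Constructed sample responses (hypothetical host and cookie names).
SAMPLES = [
    # Login over plain HTTP: the session token is readable on the wire.
    ("http://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    # HTTPS login, but the session cookie lacks Secure: still at risk.
    ("https://social.example/login",
     ["session=abc123; Path=/; HttpOnly", "prefs=dark; Path=/; Secure"]),
    # HTTPS login with a Secure session cookie: nothing to copy.
    ("https://social.example/login",
     ["session=abc123; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, "->", sniffable_cookies(url, headers) or "nothing exposed")
```

The middle case is the one that catches sites out: logging in over HTTPS is not enough if the session cookie can still travel over a later unencrypted request.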