Android handsets 'leak' personal data
Posted in: Mobile & Wireless at 18/05/2011 20:09
More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
The data being leaked is typically used to get at web-based services such as Google Calendar.
The discovery was made by German security researchers looking at how Android phones handle identification information.
Google has yet to comment on the loophole uncovered by the team.
To read this BBC News report in full, see:
Report: Android phones vulnerable to snooping attack
Most of the Android smartphones on the market are susceptible to an attack in which someone could access calendar and contact data over an unencrypted Wi-Fi network, a team of German researchers said in a new report.
The problem is fixed in the latest version of Android, but 99.7 percent of all Android devices are running older versions, they said. Attacks can be carried out over unencrypted Wi-Fi hot spots by an attacker sniffing an authentication token (authToken) used by the Android devices when they communicate with the Google services, according to "Catching AuthTokens in the Wild: The Insecurity of Google's ClientLogin Protocol," which was released Friday.
Android ClientLogin Security Flaw Puts 99% Of Users At Risk, Say Researchers
A huge percentage of Android users may be vulnerable to password theft because of a security flaw affecting several commonly used apps, according to researchers at the University of Ulm in Germany.
Using several different Android devices, researchers ran apps over unsecured WiFi connections and claimed they were able to intercept authentication information (account names and passwords) belonging to user accounts used on the handsets.