Android Phones Leak Your Personal Data
99.7% of Android smartphones are vulnerable to an attack in which someone could access all your sensitive data over an unencrypted Wi-Fi network, a team of German researchers said in a new report.
The report, from the University of Ulm, found that handsets using Google's operating system are open to significant data leaks which leaves users calendars, contacts and pictures exposed.
Only the latest phones with system version 2.3.4 have had the leak plugged, meaning that 99.7% of handsets could be targeted.
The "security hole" stems from a flaw in Google's ClientLogin authentication protocol, which verifies communication between Android devices and applications.
When a user needs to access their apps such as calendar, contacts or photo apps an authentication "token" is retrieved. The probles is that these tokens are then sent unencrypted in plain text over non-secure networks. That means that hackers watching wi-fi traffic can easily spot these tokens (which are valid for up to two weeks) and use them to pose as the phone owner.
The flaw was discovered in phones such as HTC Desire, Nexus One and Motorola XOOM.
A spokesperson for Google said: "We are aware of this issue, and have already fixed it for calendar and contacts in the latest versions of Android.
"We are working on fixing it in Picasa (picture application)."
-
- groups:
- Community, News and Politics, Tech, Technology
-
- tags:
- Google, Android, Cell Phones, Mobile Phones, 1 more
