
Android security hole makes stealing your personal info easy


17 May, 2011

Android Misc

Security is a relative term in digital communications, as German researchers discovered after putting Google’s Android OS through some testing. Reportedly, 99.7% of all droids could be broadcasting the authentication key to your personal Google data when connected over unsecured Wi-Fi networks, making it easy for opportunistic attackers to gain access to it.

The problem lies in how some Android apps communicate with the cloud servers. The researchers found that apps transmit the user name and password to the server securely, and the server returns an authentication token that the app then uses so that it doesn’t have to log in every time it makes a request.

This token, however, is the weak link, as it's often transmitted insecurely. An attacker can easily steal one of these tokens by sniffing the unsecured public Wi-Fi network you use. And since the token is valid for up to two weeks (from any device), the attacker can go on and sync your contacts or calendar entries to a device of their own.

In short, your droid may be leaking the key to your personal info without you even knowing it. This type of attack is very similar to how the notorious Firesheep could once steal people’s Facebook accounts.

The researchers tested different Android phones from different vendors, running different OS versions, and found that syncing contacts and calendar data is done insecurely in versions prior to v2.3.3. The Gallery app (developed by a third party and not Google) uses the insecure method even in the latest smartphone version of Android.

Unfortunately, the problem isn't limited to Android’s native apps. Third-party apps are vulnerable too and will have to be updated to patch the hole.
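For developers checking their own apps, the following added example (not from the researchers or the original article) audits a list of outgoing requests, as a test proxy might export them, and flags any that carry a credential over a non-HTTPS URL. The header and parameter name lists, the host names and the token values are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Header and query-parameter names treated as credential-bearing (assumed list).
SENSITIVE_HEADERS = {"authorization", "cookie"}
SENSITIVE_PARAMS = {"auth", "token", "access_token", "sid"}


def redact(value, keep=4):
    """Keep a short prefix so findings can be correlated without storing the token."""
    return value[:keep] + "...[redacted]" if len(value) > keep else "[redacted]"


def audit_requests(requests):
    """Return one finding per credential sent over a non-HTTPS URL."""
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        if parts.scheme.lower() == "https":
            continue  # encrypted transport: token is not readable on the wire
        for name, value in req.get("headers", {}).items():
            if name.lower() in SENSITIVE_HEADERS:
                findings.append((parts.hostname, "header:" + name, redact(value)))
        for name, value in parse_qsl(parts.query):
            if name.lower() in SENSITIVE_PARAMS:
                findings.append((parts.hostname, "query:" + name, redact(value)))
    return findings


# Constructed sample: login is protected, but later sync requests reuse the
# returned token over plain HTTP, which is the pattern the article describes.
SAMPLE = [
    {"url": "https://login.example.test/ClientLogin", "headers": {}},
    {"url": "http://calendar.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=DQAAAEXAMPLETOKEN"}},
    {"url": "https://contacts.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=DQAAAEXAMPLETOKEN"}},
    {"url": "http://photos.example.test/data?auth=DQAAAEXAMPLETOKEN&kind=album",
     "headers": {"User-Agent": "sample"}},
]

if __name__ == "__main__":
    for host, where, value in audit_requests(SAMPLE):
        print(f"cleartext credential -> {host} ({where}): {value}")
```

Any finding means the request should be moved to HTTPS; shortening the token lifetime reduces the window but does not remove the exposure.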

You can read the blog post by the researchers that found the loophole for more info.

We don't know about you, but that sounds scary to us.

Source


Reader comments

  • vocker
  • RrR
  • 19 May 2011

Anyone who doesn't care about this is simply a fool. I'm seriously considering dumping them all (droid/iphone) in favor of a standard phone. That said, I don't travel all that much. When I do I'm needing access to email/gps and Pandora (or MP3s on...

  • Anonymous
  • MVg
  • 19 May 2011

passwords are there to be hacked. software is made by programmers. hackers are programmers. mobile phones are designed to trace people. people are like sheep. sheep are stupid. let's go back to the old fashioned way of communication. message i...

  • droidwp7
  • v@H
  • 19 May 2011

If it's Android/Google it's not going to be a problem for anyone normally. However, if this is the case with WP7, comments are going to be more harsh.

Total reader comments: 63
