GSMArena.com GSMArena.com

Tip us

1.7m
126k
RSS

EV

Merch

Log in

Login

I forgot my password
Sign up
  • Home
  • News
  • Reviews
  • Videos
  • Featured
  • Phone Finder
  • Deals
  • MerchNew
  • Coverage
  • Contact
ADVERTISEMENTS

Android security hole makes stealing your personal info easy

  • Post your comment
  • Comments (63)

17 May, 2011

Android Misc

Security is a relative term in digital communications, as German researchers discovered after putting Google’s Android OS through some testing. Reportedly, 99.7% of all droids could be broadcasting the authentication key to your personal Google data when connected over unsecured Wi-Fi networks, making it easy for opportunist attackers to gain access to it.

The problem lies in how some Android apps communicate with the cloud servers. You see, researchers discovered apps transmit user name and password to the server securely and the server returns an authentication token to be used so that the app doesn’t have to log in every time it makes a request.

Researchers discovered, however, that this token is the weak link as it's often transmitted insecurely (making it very easy to steal). An attacker can easily steal one of these tokens by sniffing the unsecured public Wi-Fi network you use. And since the token is valid for up to two weeks (from any device), the attacker can go on and sync your contacts or calendar entries to a device of their own.

In short, your droid may be leaking the key to your personal info without you even knowing it. This type of attack is very similar to how the notorious Firesheep could once steal people’s Facebook accounts.

The researchers tested different Android phones, from different vendors, running different OS versions and found that syncing contacts and calendar data is done insecurely prior to v2.3.3. The Gallery app (developed by a third party and not Google) uses the insecure method even in the latest smartphone version of Android.

Unfortunately, the problem isn't limited to Android’s native apps, third party apps are vulnerable too and will have to be updated to patch the hole.

You can read the blog post by the researchers that found the loophole for more info.

We don't know about you, but that sounds scary to us.

Source

Related articles
  • vivo Y78 goes global with a curved 6.78" 120Hz display and Snapdragon 695 vivo Y78 goes global with a curved 6.78" 120Hz display and Snapdragon 695
  • vivo Y35+ 5G announced with Dimensity 6020 vivo Y35+ 5G announced with Dimensity 6020
  • OnePlus Ace 2 Pro arriving in July with 100W fast charging OnePlus Ace 2 Pro arriving in July with 100W fast charging
  • Honor 90 launches with 200 MP camera, 90 Pro adds 90W charging Honor 90 launches with 200 MP camera, 90 Pro adds 90W charging

Reader comments

v
  • vocker
  • RrR
  • 19 May 2011

Anyone who doesn't care about this is simply a fool. I'm seriously considering dumping them all (droid/iphone) in favor of a standard phone. That said, I don't travel all that much. When I do I'm needing access to email/gps and Pandora (or MP3s on...

  • Reply
?
  • Anonymous
  • MVg
  • 19 May 2011

passwords are there to be hacked. software is made by programmers. hackers are programmers. mobiles phones are designed to trace people. people are like sheep. sheep are stupid. lets go back to the old fashioned way of communication. message i...

  • Reply
d
  • droidwp7
  • v@H
  • 19 May 2011

If its android/google its nt going to be a problem for any one normaly. However if this is a case with wp7, comments are going to be more harsh.

  • Reply
  • Read all comments
  • Post your comment
Total reader comments: 63

ADVERTISEMENTS

Phone finder

  • Samsung
  • Apple
  • Huawei
  • Nokia
  • Sony
  • LG
  • HTC
  • Motorola
  • Lenovo
  • Xiaomi
  • Google
  • Honor
  • Oppo
  • Realme
  • OnePlus
  • vivo
  • Meizu
  • BlackBerry
  • Asus
  • Alcatel
  • ZTE
  • Microsoft
  • Vodafone
  • Energizer
  • Cat
  • Sharp
  • Micromax
  • Infinix
  • TCL
  • Ulefone
  • Tecno
  • Doogee
  • Blackview
  • BLU
  • Panasonic
  • Plum

All brands Rumor mill

ADVERTISEMENTS

Top 10 by daily interest

  Device Daily hits  
1.Samsung Galaxy A5438,234
2.Samsung Galaxy S23 Ultra30,488
3.Xiaomi Redmi Note 12 Pro29,069
4.Xiaomi Redmi Note 1227,441
5.Apple iPhone 14 Pro Max23,664
6.Apple iPhone X22,108
7.Xiaomi Poco F521,523
8.Apple iPhone 1121,450
9.Samsung Galaxy A3421,137
10.Apple iPhone XR20,974

ELECTRIC VEHICLES

Tesla Model 3 production in Shanghai stopped - updated Model 3 is coming Tesla Model 3 production in Shanghai stopped - updated Model 3 is coming Mercedes-Benz EQE SUV goes on sale in China, way cheaper than EQS SUVVolvo EX30 to launch on June 7
ADVERTISEMENTS

Home News Reviews Compare Coverage Glossary FAQ RSS feed Youtube Facebook Twitter Instagram

© 2000-2023 GSMArena.com Mobile version Android app Tools Contact us Merch store Privacy Terms of use Change Ad Consent Do not sell my data