Over 99% of Android phones are potentially at risk of handing out data which could be used to collect information stored online
- The data being leaked is used to access web-based services such as Google Calendar.
- German security researchers discovered the flaw whilst looking at how Android phones handle identification information.
- Google has not commented on the loophole found.
- The researchers Bastian Konings, Jens Nickels and Florian Schaub are from the University of Ulm.
- The researchers made the find while watching how Android phones handle login credentials for web-based services.
- Many applications installed on Android phones interact with Google services by asking for an authentication token.
- This is a digital ID for that specific app.
- Once the token is issued, it removes the need to log into a service for a given time.
- The researchers found that these tokens are sometimes sent in plain text over wireless networks.
- This could make them easy pickings for criminals who eavesdrop on Wi-Fi traffic and steal them, the researchers believe.
- Once someone has the token, they can then pose as a particular user and get at personal information.
- The tokens are not bound to a particular phone or time length, so they can be used to impersonate a handset almost anywhere.
- There is no evidence that Android phones are being targeted in this way by criminals at the moment.
- Android phone users are urged to update their device to avoid falling victim to this loophole.
- Android users need to be running version 2.3.4, in which a patch has been introduced.