99.7% of all Android smartphones vulnerable to serious data leakage
A whopping 99.7% of Android smartphones are leaking login data for Google services, and could allow others access to information stored in the cloud, so claim German security researchers Bastian Könings, Jens Nickels, and Florian Schaub from the University of Ulm.
The problem is in the way that applications which deal with Google services request authentication tokens. These tokens are handy in that they eliminate the need for the user to log in to the service, but as the researchers discovered, these tokens are sometimes sent in plaintext form over wireless networks. This means that anyone who happened to be eavesdropping on the WiFi network could grab these tokens.
What’s worse is that tokens are not specific to the handset, which means that a token destined for one handset could be used on another.
To make matters worse, tokens are valid for a long period of time (14 days for Calendar tokens), which means that someone grabbing your token could have two weeks' worth of access to your data.
The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data. For Contact information, private information of others is also affected, potentially including phone numbers, home addresses, and email addresses. Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored email address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.
There is more to the article - read below
http://www.zdnet.com/blog/hardware/...ones-vulnerable-to-serious-data-leakage/12831
========
essentially, don't use public wifi