Android smartphones 'vulnerable to hackers'

>> Wednesday, June 8, 2011

Android smartphones 'vulnerable to hackers'

04:46 AM May 20, 2011

ULM (Germany) - Almost all Android smartphones are vulnerable to personal data theft when connected to an unencrypted WiFi network, security researchers have revealed.

By eavesdropping on data sent to the Google Calender, Contacts and Picasa apps, hackers could steal login credentials and gain full access to accounts.

"For instance, the adversary can gain full access to the calendar, contacts information, or private Web albums of the respective Google user," the researchers from the University of Ulm wrote.

"This means that the adversary can view, modify or delete any contacts, calendar events, or private pictures. This is not limited to items currently being synced but affects all items of that user."

The vulnerable data are known as authentication tokens. They allow users to log in to online services via apps for up to two weeks at a time. Normally authentication tokens are sent to smartphones as encrypted files but the researchers found that handsets running Android up to version 2.3.3 receive them as plain text files that can be read by anybody.

Using freely-available "sniffing" software, hackers could grab the data from the air, making it "quite easy" to hijack Google Calender, Contacts and Picasa accounts, the researchers said.

Google has said it is aware of the vulnerability and has patched it in the latest Android update, version 2.3.4.

However, 99.7 per cent of Android handsets in use run version 2.3.3 or earlier and the update schedule is controlled by mobile networks, not users.

The researchers, who published their findings online, recommended that Android users avoid connecting via unencrypted WiFi networks until they receive version 2.3.4. THE DAILY TELEGRAPH

Source: www.todayonline.com

0 comments:

Post a Comment

  © Blogger template Webnolia by Ourblogtemplates.com 2009

Back to TOP