I own an Android . You own an Android . Heaps of people own Androids . But seemingly 99 per cent of them can be easily attacked , every time we log into a website on an unsecured web .
This is according to research worker at the University of Ulm , in Germany , who set up that any telephone set running a version of Android prior to 2.3.3 are vulnerable to an attack thanks to a frail ClientLogin authentication communications protocol . Any fourth dimension an Android user augury into a service such as Twitter , Facebook or a new Google account statement , the authToken data is hive away for 14 days , and accessible if you know how to go about it , take the researchers :
“ To collect such authTokens on a prominent scale an adversary could setup a wireless local area internet access point with a common SSID ( vicious similitude ) of an unencrypted wireless electronic internet , e.g. , T - Mobile , attwifi , starbucks … With default options , Android phones automatically link to a previously known internet and many apps will attempt sync immediately . While sync would fail ( unless the resister forwards the postulation ) , the opposer would catch authTokens for each avail that attempted synchronize . ”
The team pretend an attack , and find out it was “ quite easy to do so . ” draft . The reason 99 per centime of the Android handsets in universe are said to be vulnerable to such an attack ? It ’s because any sound not running Android 2.3.4 , which Google let go of a few week ago , has n’t had the security pickle piece yet .
While a locating from Google would solve this problem , Android user are recommended to only utilize ClientLogin on HTTP site for now . [ Uni - UlmviaThe Register ]
AndroidGooglePrivacySecurity
Daily Newsletter
Get the best tech , science , and culture news in your inbox daily .
News from the future , deliver to your present .
You May Also Like
