Android Account Info Leakage Epidemic

Source: http://gizmodo.com/5802617/androids-account-info-leakage-epidemic

Android's Personal Data Leakage Problem

I own an Android. You own an Android. Heaps of people own Androids. But apparently 99 per cent of them can be easily attacked, every time we log into a website on an unsecured network.

This is according to researchers at the University of Ulm, in Germany, who found that any phones running a version of Android prior to 2.3.3 are vulnerable to an attack thanks to a weak ClientLogin authentication protocol. Any time an Android user signs into a service such as Twitter, Facebook or a new Google account, the authToken information is stored for 14 days, and accessible if you know how to go about it, claim the researchers:

“To collect such authTokens on a large scale an adversary could setup a wifi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks…With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately. While syncing would fail (unless the adversary forwards the requests), the adversary would capture authTokens for each service that attempted syncing.”

The team feigned an attack, and found it was “quite easy to do so.” Gulp. The reason 99 per cent of the Android handsets in existence are said to be vulnerable to such an attack? It’s because any phone not running Android 2.3.4, which Google released a few weeks ago, hasn’t had the security hole patched yet.

While a fix from Google would solve this problem, Android users are recommended to only use ClientLogin on https sites for now. [Uni-Ulm via The Register]
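An added example (not from the article or the researchers): a defender-side audit that flags recorded requests carrying a ClientLogin authToken over plain HTTP, the condition the recommendation above is meant to avoid. ClientLogin clients present the token in an `Authorization: GoogleLogin auth=` header; the hosts, token values and record format below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# ClientLogin clients send the token as "Authorization: GoogleLogin auth=<token>".
TOKEN_HEADER = re.compile(r"^GoogleLogin\s+auth=(\S+)$", re.IGNORECASE)

# Constructed sample: (request URL, request headers) as a proxy or test
# harness might record them. Hosts and token values are made up.
SAMPLE_REQUESTS = [
    ("http://sync-a.example.test/feeds/default",
     {"Authorization": "GoogleLogin auth=DQAAAH-constructed-1"}),
    ("https://sync-b.example.test/feeds/default",
     {"authorization": "GoogleLogin auth=DQAAAH-constructed-2"}),
    ("http://static.example.test/logo.png", {"Accept": "image/png"}),
    ("http://sync-c.example.test/data/feed",
     {"Authorization": "Bearer constructed-3"}),
]

def redact(token):
    """Keep only enough of the token to correlate findings in a report."""
    return token[:4] + "..." if len(token) > 4 else "..."

def find_cleartext_tokens(requests):
    """Return one finding per request that carries a ClientLogin token without TLS."""
    findings = []
    for url, headers in requests:
        # HTTP header names are case-insensitive.
        auth = next((v for k, v in headers.items()
                     if k.lower() == "authorization"), None)
        if auth is None:
            continue
        match = TOKEN_HEADER.match(auth.strip())
        if not match:
            continue  # some other auth scheme, out of scope for this check
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            findings.append({"host": parts.hostname,
                             "path": parts.path,
                             "token": redact(match.group(1))})
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_tokens(SAMPLE_REQUESTS):
        print("cleartext authToken:", finding)
```
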


By: Dr. Augustine Fou Tuesday, May 17th, 2011 news
