Android might look's like to a safe system, but the German University researchers of Ulm have discovered that using it on an open Wi-Fi network,leaves a hole open for impersonation attacks. Which devices are prone to the attack? 99.7% of Androids, or pretty much every device except for the few ones running on Android 2.3.4.
The researchers summed up their finding about whether it’s possible to launch an attack against Google services. “Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the Client Login authentication protocol for access to its data APIs.”
“For instance, the adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user. This means that the adversary can view, modify or delete any contacts, calendar events, or private pictures. This is not limited to items currently being synced but affects all items of that user.”
Luckily, it seems that the secure https protocol has been implemented for the calendar and contacts authentication in Android 2.3.4, but pictures synced through Picasa could still be a subject to the attack. To minimize the chance of having your data stolen, you could avoid using public open Wi-Fi networks or turn off automatic syncing from the Settings menu in your Android device.
Hopefully, Google will release a fix for the issue now as the research has been published, but in the meantime let us know your opinion. Is that a serious issue for you.
No comments:
Post a Comment