per London Financial Times: Android smartphones face WiFi data breach threat

per London Financial Times: Android smartphones face WiFi data breach threat

[ Edited ]

if you want to believe google, go ahead. if you don't, like i don't, read on. I think the financial times of london may be more honest.


FT.com / Technology - Android smartphones face data breach threat


"Android smartphones face WiFi data breach threat"

By Tim Bradshaw, Digital Media Correspondent
The Financial Times Limited 2011
Published: May 18 2011 13:11 | Last updated: May 18 2011 13:11

Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software.

A trio of researchers at Ulm University in Germany found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices.

The revelation will again put the spotlight on Google’s approach to security with its mobile operating system, which is the most popular software for smartphones in the world.

The security flaw has been fixed in Android’s 2.3.4 version of its operating softwares and beyond.

In March, Google was forced to remove more than 50 rogue applications, which could have stolen data or sent costly messages, from tens of thousands of Android devices.

The attack works when unsecured wireless access points that imitate public WiFi hot spots that the phone has accessed before – such as a coffee shop chain – capture an authentication token.

That token can then be used by attackers to access and modify personal data in Picasa, Google’s photo site, Calendar and Contacts. Business customers using Google apps on Android are not affected by the weakness because all traffic is encrypted by default.

“The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data,” said the Ulm researchers in a posting on their website.

“Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored e-mail address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.”

Google said of the flaw: “We’re aware of this issue, have already fixed it for calendar and contacts in the latest versions of Android, and we’re working on fixing it in Picasa.”

However, according to the researchers, the flaw still affects devices running older versions of Android, which make up 99.7 per cent of Google smartphones in use today.

“The latest research just shows that Android users need to be even more careful with their phones than they are with their PCs,” said Omri Sigelman, vice-president of AVG Mobilation, a provider of security software for Android.

“All platforms are vulnerable to hackers, particularly at the beginning of their lives, but the openness and popularity of Android means that it is especially at risk. Sadly, many operators don’t provide the necessary updates, leaving their users vulnerable to critical flaws like this one.”

The Ulm researchers recommended that Android users turn off “automatic synchronisation” in the settings menu when connecting with open WiFi networks and let their devices “forget” wireless networks they have used previously.

“The best protection at the moment is to avoid open WiFi networks at all when using affected apps,” they wrote.

FT.com / Technology - Android smartphones face data breach threat

Copyright The Financial Times Limited 2011.

Message 1 of 4 (415 Views)
Master

Re: per London Financial Times: Android smartphones face WiFi data breach threat

The fix is being applied on server side.

http://m.engadget.com/default/article.do?artUrl=http://www.engadget.com/2011/05/18/google-confirms-a...
Probably from mobile, maybe. Smiley Happy
Message 2 of 4 (392 Views)
Professor

Re: per London Financial Times: Android smartphones face WiFi data breach threat


Ann154 wrote:
The fix is being applied on server side.

http://m.engadget.com/default/article.do?artUrl=http://www.engadget.com/2011/05/18/google-confirms-a...

one thing for sure, Google moves faster than ma bell when it comes to updates, etc. effecting its customers.   "just saying..." 

 

Comment regarding calendaring/contacts .  I never felt compfy saving my contact info and other wise in a "cloud" environment .  As far as my android, i turned off syncing to google (even though i am "sure" they still have access) just because i dont care to have all that stored elsewhere.  If I lose my info, well, i have to rebuild.  Most of which are already stored on my monthly bills (phone numbers i normally call and receive interactions).


I could really care less about calendaring since i use work calendars most  on my job.   As far as personal calendaring, i dont put too much on it anyways.

Message 3 of 4 (372 Views)
Highlighted

Re: per London Financial Times: Android smartphones face WiFi data breach threat

guys, almost all phones have a security flaw that is "serious" in nature. Look at the iphone and WP7 both. None of these phones would be able to be jailbroken/rooted/cracked without these security flaws.
Message 4 of 4 (291 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.