Snappy newsletters. Simple Facebook sharing. Spirited comments. Sweet features are waiting… GET THEM NOW!

Hot on Facebook
Think You're Pretty Hot? You're Probably Wrong Study finds we have inflated vision of ourselves »

Android Phones Have Security Flaw: Report

Google has fixed the problem, but most people haven't downloaded patch

By Kevin Spak,  Newser Staff

Posted May 17, 2011 2:20 PM CDT

(Newser) – A group of university researchers has found a major security flaw that makes more than 99% of Android phones vulnerable to attacks from identity thieves. If users jump onto an unsecured public WiFi network, would-be thieves can swipe the authentication tokens used by Google Calendars and Contacts, the Register explains. That will give them access to all manner of their victims' personal data for two weeks.

“We wanted to know if it is really possible to launch an impersonation attack against Google services,” the researchers write. “The short answer is: Yes, it is possible, and it is quite easy to do so.” Even though Google has fixed the problem in Android version 2.3.4, an estimated 99% of Android phones remain vulnerable. Researchers say there’s a similar flaw with Picasa web albums, which Google is working on, but has not yet solved.

In this 2008 file photo, the T-Mobile G1 Android-powered phone, the first cell phone with the operating system designed by Google Inc., is shown in New York.
In this 2008 file photo, the T-Mobile G1 Android-powered phone, the first cell phone with the operating system designed by Google Inc., is shown in New York.   (AP Photo/Mark Lennihan, file)
In this 2008 file photo, the T-Mobile G1 Android-powered phone, the first cell phone with the operating system designed by Google Inc., is shown in New York.
In this 2008 file photo, the T-Mobile G1 Android-powered phone, the first cell phone with the operating system designed by Google Inc., is shown in New York.   (AP Photo/Mark Lennihan, file)
« Prev« Prev | Next »Next » Slideshow
My TakeCLICK BELOW TO VOTE
6%
14%
4%
0%
67%
10%
To report an error on this story, notify our editors.
COMMENTS
Showing 3 of 3 comments
Disillusioned
May 17, 2011 6:52 PM CDT
And a week ago everyone was ragging on Apple and Android is wide open for exploit  News flash ANY wireless device which contains personal information is a safe waiting to be cracked with the proper scanner There is no security Security is imaginary if someone wants it badly enough they SHALL obtain it Cops already have a scanner that can easily scan a cell phone without any passwords or permission You own a device, watch your rear closely
firenze
May 17, 2011 3:02 PM CDT
As a pragmatic response, note the easy preventative measure... don't use unsecured public WiFi.  If you're using an Android phone, presumably you also have data service so you don't even need to use WiFi.  Unsecured public connections tend not to be that fast either, so you're likely not getting the speed benefit of joining a fast WiFi network. Also, the threat is a bit more remote in that the prospective "thief" would have to know you are on the public network and be connected to it at the same time.  Certainly possible that somebody will sit on a public network waiting to find unsuspecting targets, but be realistic about the chances.
jsimmy
May 17, 2011 2:26 PM CDT
Google better tighten the ship up or they're gonna get their asses handed to them by Facebook. 

 
identity theft computer security smartphones Android Google Android smartphone hacking

 
NEWS FROM OUR PARTNERS
Other Sites We Like:   24/7 Wall St.   |   BuzzFeed   |   Cracked   |   Timelines   |   POPSUGAR Tech   |   Business Insider   |   HuffPost Entertainment   |   NewsOne