Android was in the hot seat after researchers from the University of Ulm, Germany, discovered security leaks in this operating system. This security hole makes 99 percent of Android phone users’ confidential data leak.
According to one researcher from the University of Ulm, Bastian Könings, the problem lies in the authentication protocol named ClientLogin. The facility is in charge of verifying the communication between Android and Google applications, like Google Calendar, Google Contacts, and Picasa. ClientLogin also be used on third-party applications associated with Twitter and Facebook.
ClientLogin designed to create a token that stores the user’s username and password so that users do not need to enter any confidential data is about to go into various applications online. Security hole is because data sent over the http channel is not encrypted. As a result, user data can be stolen others through public wi-fi network.
“This means that other people can see, modify, and delete all the contacts, to-do on the calendar, and personal pictures,” said Könings on page university.
According to him, 99.7 percent Andorid users vulnerable to security attacks. More frightening, a stolen token is still valid up to two weeks. “Thieves can exploit this token anytime and anywhere,” he added.
As a precaution, the researchers asked University of Ulm Android users update their operating system to veri 2.3.4 and turn off the automatic synchronization feature when the phone is in the public wi-fi network.
Newly discovered security holes it adds a black stain on the Android after some time ago found malware on some applications. Note the past year shows malware on Android applications increased by 400 percent.
Incoming search terms:
