Are Android users open to Authentication Security Risks?

  • Facebook
  • Twitter
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email

According to the University of Ulm in Germany, almost 99 percent of Android users might be vulnerable to a security breach.  If you are using your Android phone to log into an unsecure site, you might want to double check and make sure all your personal information is safe.  The research posted online shows that any phone running Android 2.3.3 or older is at risk due to a bad ClientLogin authentication protocol.  The apps you have on your phone, as well as, installed software use the ClientLogin to request an authToken so that information can be passes securely.

According to the reports, if a user was to log into a site like Twitter or Facebook, the information is stored for 14 days and that opens a window for hackers to see your personal information.  Problems start if you are using an Android phone with an open Wi-Fi connection.  The three researchers on the project wanted to see if they could test the fault and setup their own attack on the security of the platform.

According to the tests that they ran, it is very possible, and easy, to get into Google services once the information is stored on the phone.  Any Google services that is using the ClientLogin, is susceptible to the attacks.  Google was not available for comment on this situation.  The information that is open to attack within the 14 days includes calendar information, contact lists and private Web albums.  All of this information can be hacked into, deleted, edited and modified before the user of the Android device even knows about it.

These attacks are not only for Google apps, but actually any app that uses Google services and the ClientLogin.  One of the main ways to keep your information secure is to not use your Android device in an unsecured web space.  You can turn off programs that automatically set you up via Wi-Fi networks, so your phone and information is a bit safer.

Part of the reason this information is so important is that malware attacks have just been reported to quadruple since June 2010.  This shines a bright light on things that Google is doing and software they create.  The malicious apps in the Android Market have been getting deleted as the threat is acknowledged.  Google can remotely turn off any app, making it more safe if there is a malicious app in the market and already downloaded too many phones.  There isn’t much more you can do until Google sends out a major update for the Android.

Leave a Reply

Your email address will not be published. Required fields are marked *


WP Socializer Aakash Web