More than 99% of Android phones are potentially leaking data

[Miss Panda]

http://www.bbc.co.uk/news/technology-13422308
http://news.sky.com/skynews/Home/Technolog...%2C_Study_Shows

More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

The data being leaked is typically used to get at web-based services such as Google Calendar.

The discovery was made by German security researchers looking at how Android phones handle identification information.

Google has yet to comment on the loophole uncovered by the team.QUOTESometimes, the study says, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

Blimey, here we go again.



I couldn't see this posted anywhere here yet.

 

[Deleted member 473940]

LOL. First PSN and now this.
Nothing is safe these days

 

[chris888222]

LOL. First PSN and now this.
Nothing is safe these days

Hmm... I hear from fanboys that PSN shop has the android library? Will it be affected again?

 

[SamAsh07]

Lol, wow lucky me

sold my android 2 weeks back.

 

[Pong20302000]

lol more like a push to make everyone get a update to 2.3.5

Edit:
just looked on google blog
they said "eyy we fixed it in 2.3.4 but just all devices dont use that one"

 

[Cuelhu]

LOL. First PSN and now this.
Nothing is safe these days

Symbian is safe.

 

[SamAsh07]

LOL. First PSN and now this.
Nothing is safe these days

Symbian is safe.

*Proud owner of Nokia 5700 Xpress Music

*

 

[Zorua]

Can't wait for the devs to claim that this wasn't done on purpose and that they're gonna fix it with a security update.

 

[smile72]

I kinda wanted an Android (I have a Blackberry) if not just for Disgaea for Android, I think NISA is going to release it, because the series always gets them tons of cash. I've gotta find a way of getting one, even though they leak data (which will hopefully be fixed before Disgaea for Android hits the U.S).

 

[imz]

LOL. First PSN and now this.
Nothing is safe these days

Symbian is safe.

+1 Symbian is awesome and underrated

 

[SamAsh07]

LOL. First PSN and now this.
Nothing is safe these days

Symbian is safe.

+1 Symbian is awesome and underrated

+10 for truth.

 

[BlueStar]

It's something that needs to be patched, certainly. But it's only a problem if you sit around all day using coffee shop wi-fi and someone can be bothered to hang around packet sniffing for hours for the sake of accessing a stranger's calendar.

 

[Foxi4]

Newsflash!

100% of bluetooth, wi-fi or any other wireless connection types leak data. Intercepting a wireless signal takes 1 antena, 1 laptop and some spare time.

Newsflash #2!

Cable connections also have the capacity to leak data - you have 0 knowledge of where the cable goes as soon as it leaves your house. The admins have 0 knowledge of where the cable goes as soon as it leaves the server room. Etc, etc.

Newsflash #3!

Data leaks are nothing new. Messengers "leaked" data via means of arrowheads in the face in the Roman Empire, digital data can be "snatched" nowadays. Not much has changed.

 

[Cuelhu]

Newsflash!

100% of bluetooth, wi-fi or any other wireless connection types leak data. Intercepting a wireless signal takes 1 antena, 1 laptop and some spare time.

Newsflash #2!

Cable connections also have the capacity to leak data - you have 0 knowledge of where the cable goes as soon as it leaves your house. The admins have 0 knowledge of where the cable goes as soon as it leaves the server room. Etc, etc.

Newsflash #3!

Data leaks are nothing new. Messengers "leaked" data via means of arrowheads in the face in the Roman Empire, digital data can be "snatched" nowadays. Not much has changed.

they are sending personal information as plain text, with no encryption whatsoever. That's the problem, not the use of insecure connections.

 

[gumgod]

There's a reason I don't let my phone connect to random wifi networks. In fact 99% of the time the wifi radio on my phone is off. I would hope it would be much harder to sniff the packets if they are going through the 3G network.

 

[ItsMetaKnight]

I don't see why everyone thinks this is a major security issue? There is no active leaking data. It's the same as if you would use your laptop in a non-secured WLAN. Wow, all laptops are insecure.

 

[shakirmoledina]

i think the sony issue has sparked some research to check all devices on how they perform security wise. Everything is unsafe and probably already hacked but ppl dont know and hence ethical hackers try to find out what. The 27c3 conference also aimed to show that some lines are hackable just near the building.

 

[CarbonX13]

Google's announced that they will be applying a 'stealth patch' for everyone's devices in the next few days. The patch will not require any carriers to officially push it out, nor require you to actually perform the update through your device. Apparently this one will only help for Contacts and Calendars, while further updates will patch everything up completely.

Source