Own an Android device? Okay, listen up. Seems like the wunderkind of the OS world that could do no wrong has a fatal flaw. Researchers from Germany’s University of Ulm have found that it’s extremely easy to attack Android devices and grab valuable data such as calendars, contacts and other goodies. The vulnerability comes from the implementation of an authentication protocol known as ClientLogin, which is present in Android versions 2.3.3 and below.

The researchers said: “We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.” Yikes.

How can you protect yourself? Well, it seems that this particular exploit is only possible through unsecured wireless hotspots, so if you’re able to stay clear of those it won’t be a problem. Google is aware of the issue and is trying to find a fix.
Via: The Guardian
Source: Institute of Media Informatics