London | Tuesday, 05/17/2011 23:21 pm | By: Endang Suherman
Android phones
Read also:
More than 99 percent of Android phone has the potential to leak the data and if data is stolen can be used to obtain information that is stored in an online network.
The leaked data was generally used to get Internet-based services like Google Calendar.German information security research team discovered this when assessing the potential of Android phones how to deal with identification information such as when users login.
Google is still commenting on the crack found in a team of researchers from the University of Ulm whose members Bastian Konings, Jens Nickels, and Florian Schaub.
Many applications that are installed on Android phones to interact with Google services ask users to provide authentication token, which is a digital identity card for the respective application.
With tokens, users no longer have to login to the service within a specified period.
German research team found, the token was often sent in text that is not encrypted over the wireless network.
"This is what makes the token is easy to determine, so that the evil people who tap the wireless network traffic can find and steal the data token, 'said the BBC quoted the research team, on Tuesday (17 / 5).
Armed with the token, bad people will be able to pretend to be specific users and get their personal information.
According to researchers, the token is not tied to a specific phone or by time of use, so the token can be used to create a mobile phone has the same identity with other phones.
"The opponent can get full access to the calendar, contact information, or private albums on the internet the user's Google," said research team in a blog post when explaining their findings.
Abuse of crack may cause people to lose data, but other changes may be difficult to know.
"The opponent can change your e-mail address of the victim's boss, or business partners that are stored in the hope of getting sensitive or confidential materials related to their business," said research team.
There is no indication that the attack on the current Android exploit this gap.
Nearly all versions of the Android operating system to continue is not encrypted authentication token to another service, according to findings reported by other German teams.
This issue has been resolved in version 2.3.4, but new statistics indicate 0.3 percent of Google's Android mobile phone using the software.
Some other Google services, such as Picasa photo sharing site, still using unencrypted authentication token that can be stolen.
The research team called Android phone owners to update their own mobile phone in order to not become victims of attacks that exploit gaps Android.
Google is reportedly working with the telecommunications operators and phone manufacturers to deliver Android updates faster than the last for this. [End]
