Universität Ulm Researchers Report About 99% Of Android Phones Are Vulnerable To Attacks

Amit Chowdhry | Tuesday May 17, 2011 | 1,111 views| Add a Comment


According to researchers at Universität Ulm in Germany, a majority of devices that run on the Google Android operating system are vulnerable to attacks that allows people to steal digital credentials stored on calendars, contacts, etc.

The weakness of the phone is associated with an authentication protocol that is known as ClientLogin in Android versions 2.3.3 and earlier. Once a user submits valid credentials for Google Calendar, Contacts, and other services, the programming interface retrieves a token that is sent in cleartext. The authToken can be used for about 14 days in subsequent requests and attackers can exploit them to gain access to the accounts.

“We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” stated the researchersat the university’s Institute of Media Informatics. “The short answer is: Yes, it is possible, and it is quite easy to do so.”

Google had patched the issue in Android 2.3.4, but that version still causes synchronization issues with Picasa. Given that about 99% of people use Android 2.3.3 or earlier, that means that a large number of Android users are vulnerable to such an attack. Google is aware of the issue and is working on a fix.

[The Register UK]

Related posts:

  1. Google Android Becomes World’s Leading Smart Phone Platform [REPORT]
  2. Google Street View Smart Navigation For Android Phones Released
  3. Google Is Activating 300,000 Android Phones Per Day
  4. Google Launches Docs App For Android
  5. HTC CEO Peter Chou Reveals At Least 3 More Android Phones Arriving This Year


If you loved this post, "Like" us on Facebook!

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

Copyright 2011 Pulse 2, LLC | About | Privacy Statement