Researchers at the German University of Ulm have discovered that the majority of Android devices are potentially vulnerable to a security risk, and the risk applies to Android devices which are running on Android 2.3.3 and below.
The research claims that the Android devices are vulnerable because of a faulty ClientLogin authentication protocol, when they are used on an unsecured network, and the protocol is used when people use apps to login to things like Facebook and Twitter.
According to the researchers when someone logs into Facebook, Twitter or Google Calendar or anything else that uses the protocol, their information can be stored for up to 14 days, this means that the information is vulnerable to attacks.
“We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” they said. “The answer is: Yes, it is possible and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.”
This does sound quite worrying, especially when you consider the amount of times you use an unsecured WiFi network, Google have not responded to the report as yet, as soon as we get some more information we will let you guys know.
Source PC Mag
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn more.