
99.7 percent of Android devices vulnerable to unencrypted Wi-Fi attack

By Abhinav Lal | Published on 18 May 2011

Folks over at Ulm University in Germany have determined that all Android phones running any version below Android 2.3.4 Gingerbread are vulnerable to attacks over unencrypted Wi-Fi networks. And since only the Nexus S and a few other devices have that update onboard, that pretty much means the entire Android user base (99.7%) is at risk.

The German researchers published their findings in a paper entitled "Catching AuthTokens in the Wild: The Insecurity of Google's ClientLogin Protocol." The vulnerability is specific to unencrypted Wi-Fi hotspots, where the team demonstrated an attack that gained access to all contacts, calendar events, and private pictures, including those currently being synced. This is done with an impersonation attack that steals authTokens (authentication tokens), the markers used to communicate between the Android device and Google services.

By stealing an authToken, the hackers can theoretically access a variety of other Google services on the phone, at least those that use the ClientLogin authentication protocol for their data APIs. The best solution is to upgrade to Android 2.3.4, but upgrades are hard to come by, with both manufacturers and operators lagging far behind the curve.

All is not so bleak though: switch off automatic synchronization on your device, and don’t use apps, whenever you log on to unencrypted Wi-Fi. Or in other words, don’t log on to an open Wi-Fi network.


 

Screenshot of Wireshark showing the authToken for ClientLogin in a data API request to the Picasa Web Albums service.
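
A defender's check for the exposure described above, as an added example that is not from the article or the Ulm paper: it scans requests recorded from a device under test and flags any ClientLogin header of the form "Authorization: GoogleLogin auth=" that was sent over plain HTTP, keeping only the token's length in the report. The (scheme, raw_request) record format, the function names and the sample flows are assumptions constructed for illustration.

```python
import re

# ClientLogin data-API requests carry the token in an Authorization header
# of the form "GoogleLogin auth=<token>".
AUTH_RE = re.compile(r"^Authorization:\s*GoogleLogin\s+auth=(\S+)", re.I | re.M)
HOST_RE = re.compile(r"^Host:\s*(\S+)", re.I | re.M)


def audit_flow(scheme, raw_request):
    """Return a finding if a ClientLogin authToken crossed the network in cleartext."""
    match = AUTH_RE.search(raw_request)
    if match is None or scheme.lower() != "http":
        return None  # no token present, or the request was protected by TLS
    token = match.group(1)
    host = HOST_RE.search(raw_request)
    return {
        "host": host.group(1) if host else "unknown",
        "request": raw_request.splitlines()[0],
        # Never store the token itself in a report; keep only its length.
        "token": "<redacted, %d chars>" % len(token),
    }


def audit_capture(flows):
    """flows: iterable of (scheme, raw_request) pairs from a test proxy (assumed format)."""
    return [f for f in (audit_flow(s, r) for s, r in flows) if f]


# Constructed sample flows; the token values are placeholders, not real tokens.
SAMPLE_FLOWS = [
    ("http", "GET /data/feed/api/user/default HTTP/1.1\r\n"
             "Host: picasaweb.google.com\r\n"
             "Authorization: GoogleLogin auth=EXAMPLE-TOKEN-0001\r\n\r\n"),
    ("https", "GET /data/feed/api/user/default HTTP/1.1\r\n"
              "Host: picasaweb.google.com\r\n"
              "Authorization: GoogleLogin auth=EXAMPLE-TOKEN-0002\r\n\r\n"),
    ("http", "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_FLOWS):
        print(finding)
```

Only the first sample flow is reported: the second carries a token but over HTTPS, and the third carries no token at all.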
