Researchers have found devices running Google’s Android operating system are vulnerable to data theft.Android has weaknesses that hackers can exploit to gain access to users’ calendars, contacts and pictures, the research claims.
Researchers at Germany’s University of Ulm investigated how the Android OS left data open through the login authentication process for apps.“We wanted to know if it was really possible to launch an impersonation attack against Google services and started our own analysis,” the researchers in the university’s Institute of Media Informatics said in a blog post. “The short answer is yes, it is possible, and it’s quite easy to do so.”
Hackers can gain access through ’tokens’, or authentication tags needed by users to access their data through the network. These are unencrypted on insecure networks, providing a way for hackers to break into the majority of Android phones.The latest Android phones have been secured, although devices with Picasa web albums still transmit data through unencrypted channels, according to the research.
“Since Android 2.3.4, the Calendar and Contacts apps are using a secure https connection. However, the Picasa synchronisation is still using http and thus is vulnerable,” said the blog.