Wednesday, May 18, 2011

German researchers find vulnerability in Google's Android


IT experts from the University of Ulm have discovered a security flaw in Google's Android system. Hackers could steal data over the wireless network.
The Internet company Google is facing charges for handling the data of its users. IT experts from the University of Ulm to have discovered a security flaw in the Android platform that Google manufacturers of so-called smart phones free of charge is.
The researchers cautioned that can tap into unencrypted wireless networks, attacker identification key from the Google contacts and calendars as well as a user's account with Picasa photo service. "We are aware of the issue, have in the recent Android versions for Calendar and contacts can fix already and are about to be solved for Picasa," said a Google spokesman dpa.

By the vulnerability of the older versions are affected Android, which make up according to the researchers at the Institute for Media computer science at the University of Ulm currently 99.7 percent of all Android devices.

The researchers had already denounced in a paper published last week that the three Android Apps unencrypted send their so-called ID-token. Is the connection to a wireless network unprotected, an attacker had to walk over.
Security experts warn, however, generally always in front, to send data in open wireless networks. This is true not only for smartphones, but also for conventional personal computers. At the same time, the non-encrypted connection to Web services, a known problem.

Great excitement was there a few months ago, when security researchers demonstrated how easily such as Facebook or Twitter sessions can be seized if an attacker taps the unencrypted connection information. The services now offer a secure connection via HTTPS protocol. The affected Google Apps attack in the newer versions of Android, according to the researchers from Ulm to HTTPS.

No comments: