Data security is often taken for granted when it comes to login and password combinations, with the user generally assuming the login system is secure end to end. Unfortunately, due to a convenience system implemented in Android 2.3.3 and below, these login credentials can be inadvertently exposed to anyone listening. The vulnerability was first spotted in Android several months ago and patched for some specific programs, but still affects Google Calendar, Contacts, and possibly other accounts.

Typically, login transactions are done through a secure connection which is encrypted end to end, with the data unintelligible to any internet “hop” that passes it on from server to server before it reaches its destination. In this case, Android uses an “authToken” which allows the device to reuse the existing login credentials for up to 14 days without having to log in again. A potential attacker only needs to control one “hop” between your device and the login server in order to intercept the unencrypted traffic and obtain your login authToken. These authTokens are generally considered safe to use if transmitted over a secured connection; in this case, however, the connection is unsecured. The most vulnerable point of attack is an unsecured Wi-Fi access point, where the attacker could be somewhere out of sight or even have a device deployed to collect the authTokens automatically, but any network remains potentially vulnerable, as packets are out of your control once they leave your local area network.
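To check whether an app or device sends tokens the way described above, outbound requests captured on your own test network can be audited for credentials that leave without TLS. The following is an added example, not code from the original article or from Google; the request log format, host names, token values, the `GoogleLogin auth=` header shape and the lists of credential-bearing names are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Header and query-parameter names treated as credential-bearing (assumed list).
CRED_HEADERS = {"authorization", "cookie"}
CRED_PARAMS = {"auth", "token", "authtoken"}

# Constructed sample of outbound requests, as a test proxy might log them.
SAMPLE_REQUESTS = [
    {"url": "http://calendar.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED_TOKEN_1"}},
    {"url": "https://calendar.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED_TOKEN_1"}},
    {"url": "http://contacts.example.test/sync?auth=CONSTRUCTED_TOKEN_2",
     "headers": {"User-Agent": "sample"}},
    {"url": "http://static.example.test/logo.png", "headers": {}},
]

def redact(value):
    """Keep only enough of a secret to correlate findings, never the whole value."""
    return value[:4] + "..." if len(value) > 4 else "..."

def find_cleartext_credentials(requests):
    """Return one finding per credential that leaves the device without TLS."""
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        if parts.scheme.lower() == "https":
            continue  # encrypted end to end; intermediate hops cannot read it
        # Credentials carried in request headers.
        for name, value in req.get("headers", {}).items():
            if name.lower() in CRED_HEADERS:
                findings.append((parts.hostname, "header", name, redact(value)))
        # Credentials carried in the URL query string.
        for name, values in parse_qs(parts.query).items():
            if name.lower() in CRED_PARAMS:
                for v in values:
                    findings.append((parts.hostname, "query", name, redact(v)))
    return findings

if __name__ == "__main__":
    for host, where, name, shown in find_cleartext_credentials(SAMPLE_REQUESTS):
        print(f"cleartext credential to {host}: {where} {name}={shown}")
```

Any finding means the token is readable at every hop until it expires, so the fix is to move that request to HTTPS rather than to shorten the report.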

Google is aware of the vulnerability and has already addressed it in Android 2.3.4 and Honeycomb; however, the majority of deployed devices (99% according to Google’s statistics) do not run these builds and so remain vulnerable.

Via: Android Police

Source: The Register
