Data security is often taken for granted when it comes to login and password combinations, with the user generally assuming the login system is secure from end to end. Unfortunately, due to a convenience system implemented in Android 2.3.3 and below, these login credentials can be inadvertently exposed to anyone listening. The vulnerability was first spotted in Android several months ago and patched for some specific programs, but still affects Google Calendar, Contacts, and possibly other accounts.

Typically, login transactions are done through a secure connection that is encrypted from end to end, with the data unintelligible to any internet “hop” that passes it on from server to server before it reaches its destination. In this case, Android utilizes an “authToken” which allows the device to use the existing login credentials for up to 14 days without having to re-login. A potential attacker need only control one “hop” between your device and the login server in order to intercept the unencrypted traffic and obtain your login authToken. These authTokens are generally considered safe to use if transmitted over a secured connection; in this case, however, the connection is unsecured. The most vulnerable point of attack is an unsecured Wi-Fi access point, where the attacker could be somewhere out of sight or even have a device deployed to collect the authTokens automatically, but any network remains potentially vulnerable, as packets are out of your control once they leave your local area network.

Google is aware of the vulnerability and has already addressed it in Android 2.3.4 and Honeycomb. However, the majority of deployed devices (99% according to Google’s statistics) do not run these builds and so remain vulnerable.
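For developers who want to check their own apps for the same mistake, the following is an added example (not code from the original article or from Google) that audits a log of an app's outbound requests and flags any that carry a credential over a non-TLS URL. The header and parameter names, the `.example.test` hosts and the token values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed names of fields that carry a reusable credential (not from the article).
SENSITIVE_HEADERS = {"authorization", "cookie"}
SENSITIVE_PARAMS = {"auth", "authtoken", "token", "sid", "lsid"}


def redact(value, keep=4):
    """Keep only a short prefix so findings can be logged without leaking the token."""
    return value[:keep] + "..." if len(value) > keep else "..."


def audit(requests):
    """Return (host, location, redacted value) for credentials sent without TLS."""
    findings = []
    for req in requests:
        url = urlsplit(req["url"])
        if url.scheme.lower() == "https":
            continue  # encrypted on the wire; intermediate hops cannot read it
        # Header names are case-insensitive, so compare in lower case.
        for name, value in req.get("headers", {}).items():
            if name.lower() in SENSITIVE_HEADERS:
                findings.append((url.hostname, "header:" + name.lower(), redact(value)))
        # Tokens placed in the query string are exposed the same way.
        for name, value in parse_qsl(url.query):
            if name.lower() in SENSITIVE_PARAMS:
                findings.append((url.hostname, "query:" + name.lower(), redact(value)))
    return findings


# Constructed sample of an app's outbound request log.
SAMPLE = [
    {"url": "http://calendar.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED-TOKEN-1"}},
    {"url": "https://contacts.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED-TOKEN-2"}},
    {"url": "http://sync.example.test/pull?authToken=CONSTRUCTED-TOKEN-3",
     "headers": {}},
    {"url": "http://static.example.test/logo.png",
     "headers": {"Accept": "image/png"}},
]

if __name__ == "__main__":
    for host, where, preview in audit(SAMPLE):
        print(f"plaintext credential: host={host} {where} value={preview}")
```

Any finding means the request should be moved to HTTPS; the token itself should also be treated as exposed and reissued.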

Via: Android Police

Source: The Register
