99 Percent Of All Android Handsets Vulnerable To An Attack

This image described by Google, Google Android, android 2.3.4, android 2.3.3, android smartphones, Android Attack
According to a recent research conducted at the University of Ulm in Germany, 99 percent of Android smartphone users are vulnerable to be easily attacked, every time they log into a website on a unsecured network.

Handsets running on Android version before 2.3.3 are open to an attack due to a weak ClientLogin authentication protocol.

This surely is a bad signal for all Androiders. All Android based smartphone users who sign into a service such as Facebook, Twitter or other account login screens, the authToken information is usually stored for 14 days. For the attack to take place, the authToken collector can setup a wifi access point with a common SSID of an encrypted wireless network, such as CoffeeStar. With the default settings over your Android phone, it automatically connects to a previously previously known network with many of the apps attempt to sync immediately.

A research detailed:

To collect such authTokens on a large scale an adversary could setup a wifi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks…With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately. While syncing would fail (unless the adversary forwards the requests), the adversary would capture authTokens for each service that attempted syncing.

An attack was attempted over an Android smartphone which resulted in a success. Basically the reason of this successful attempt was the "security hole" which Google only fixed with the release of Android 2.3.4, released a few weeks back.

Read more about Biggest Security Fails of 2010

About Khizer Hayat Farooq

Khizer Hayat Farooq, iSmashPhone's Contributing Editor, is committed on bringing in the very best from the world of Apple, digital start ups, growing trends, social networks and new initiatives from digital firms. He aims to write one of the best software reviews and HOW-TO tricks one day. twitter.com/magicfreak