Models pose with the Samsung Galaxy S Android smartphone during its launch in Seoul last year

Android phones 'at risk of leaking personal data'

Android smartphone users have been warned that their phones could be susceptible to hack attacks.

Researchers at the University of Ulm in Germany have said that the devices are vulnerable to hack attacks carried out over unencrypted Wi-Fi hot spots.

Handsets using Google's operating system could leak personal information including calendars, contacts and pictures as hackers tap into the transfer of information between the phones and the internet.

This problem has been fixed in the latest version of Android, but 99.7 per cent of all Android devices using older versions could be targeted, the German researchers said.

"We wanted to know if it is really possible to launch an impersonation attack against Google services," the German researchers wrote.

"The short answer is yes, it is possible and it is quite easy to do so."

They added that once access had been gained, a hacker could view, modify or delete any entries in Google Calendar, Contacts, and Picasa Web albums.

However there is no evidence to date that any hackers had taken advantage of the loophole, the researchers added.

Many applications on Android phones use authentication tokens, which removes the need to keep logging into a service each time it is accessed.

A hacker monitoring one of the phones on a wi-fi network would be able to steal the token, and use the information to log onto websites.

The flaw was discovered in phones such as HTC Desire, Nexus One and Motorola XOOM.

A Google spokeperson said that the latest version of Android, 2.3.4 for smartphones, and 3.0 for tablets, does not have the problem.

"We are aware of this issue, and have already fixed it for calendar and contacts in the latest versions of Android," the spokesperson said.

"We are working on fixing it in Picasa."

Further reading:

See the University of Ulm's report on the Insecurity of Google's ClientLogin Protocol

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close