Overclock.net › Forums › Industry News › Software News › [BBC] Android handsets 'leak' personal data
New Posts  All Forums:Forum Nav:

[BBC] Android handsets 'leak' personal data

post #1 of 45
Thread Starter 
Quote:
More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub made their discovery while watching how Android phones handle login credentials for web-based services.

Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers. Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.
Source: http://www.bbc.co.uk/news/technology-13422308

Oh dear.
Edited by 98uk - 5/17/11 at 8:03am
post #2 of 45
Yikes. I wonder what's preventing them from being assigned to an equivalent of a MAC address.
    
CPUMotherboardGraphicsRAM
4690k @ 4.5 MSI Z97 Gaming 5 EVGA 980 Ti 16GB GSkill 
Hard DriveOptical DriveCoolingOS
Evo 250 500GB, 2x 1TB F3 + 3TB Seagate GoFlex +... Optical Drive? You mean 5.25 Floppy drive? I go... Nh-D14 Win7 64. Diewin10die. 
MonitorMonitorKeyboardCase
XB270HU My girlfriend stole my other monitor. Damn women! Celeritas Phanteks Enthoo Pro 
MouseMouse Pad
Cheap Sharkk gaming mouse. Last Mx518 died yea... Puretrak Talent 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
4690k @ 4.5 MSI Z97 Gaming 5 EVGA 980 Ti 16GB GSkill 
Hard DriveOptical DriveCoolingOS
Evo 250 500GB, 2x 1TB F3 + 3TB Seagate GoFlex +... Optical Drive? You mean 5.25 Floppy drive? I go... Nh-D14 Win7 64. Diewin10die. 
MonitorMonitorKeyboardCase
XB270HU My girlfriend stole my other monitor. Damn women! Celeritas Phanteks Enthoo Pro 
MouseMouse Pad
Cheap Sharkk gaming mouse. Last Mx518 died yea... Puretrak Talent 
  hide details  
Reply
post #3 of 45
thats scary
    
CPUMotherboardGraphicsRAM
Intel I7-5820k@4.2ghz Gigabyte X99-UD3P AMD 295x2 16GB G.Skill DDR4-2400 
Hard DriveOptical DriveCoolingOS
Corsair Force GT 120gb (OS), 2x 1tb WD Blacks R... LG Bluray CoolerMaster MasterLiquid Pro 120 Win 10 x64 
MonitorKeyboardPowerCase
26" Emprex Logitech G15 CoolerMaster SPH-1300 Coolermaster HAF922 
MouseMouse Pad
CM Sentinel II CoolerMaster HSM Battle Pad SSK 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel I7-5820k@4.2ghz Gigabyte X99-UD3P AMD 295x2 16GB G.Skill DDR4-2400 
Hard DriveOptical DriveCoolingOS
Corsair Force GT 120gb (OS), 2x 1tb WD Blacks R... LG Bluray CoolerMaster MasterLiquid Pro 120 Win 10 x64 
MonitorKeyboardPowerCase
26" Emprex Logitech G15 CoolerMaster SPH-1300 Coolermaster HAF922 
MouseMouse Pad
CM Sentinel II CoolerMaster HSM Battle Pad SSK 
  hide details  
Reply
post #4 of 45
Well this should be obvious. Any data sent wirelessly can be easily intercepted. The big concern here is it's sending info in plain text.

Also, I hope all those android freaks finally realize that Android is just as insecure as any other OS, regardless if it's "open-source" (highly debatable) or not.
Perpetual debt
(15 items)
 
Money Pit
(17 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 2600k Asus P8P67 Pro PNY GTX 480 2x4gb G.Skill Ripjaws 2133mhz 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 Coolit Freezone Elite Win7 Ultimate Samsung 2233rz 
KeyboardPowerCaseMouse
Logitech G15 Corsair HX750 Antec Server case Razer Deathadder 
Mouse PadAudioAudio
Thermaltake LCD Mousepad Logitech 5.1 Surround Tritton AX PC Pro 5.1 Surround Headset 
CPUMotherboardGraphicsRAM
Intel q6600 @ 3.9ghz (433x9) EVGA 780i FTW evga 8200gs 512mb  4x2gb Corsair XMS TwinX 866mhz @ 5-5-5-5-18 
Hard DriveHard DriveOptical DriveCooling
2x 750gb Seagate Baracuda 7200.12 RAID0 5x 1.5tb Seagate Baracuda 7200.11 RAID5 LITE-ON 22X DVD Burner Black SATA Corsair H70 
OSMonitorKeyboardPower
Win7 Ultimate x64 22" Acer x223w Logitech G15 Corsair HX750 
CaseMouseMouse PadAudio
APEVIA MX-ALIEN Razer Deathadder Thermaltake LCD Mousepad Triton AX Pro PC 
Audio
Logitech 5.1 surround sound. 
  hide details  
Reply
Perpetual debt
(15 items)
 
Money Pit
(17 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 2600k Asus P8P67 Pro PNY GTX 480 2x4gb G.Skill Ripjaws 2133mhz 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 Coolit Freezone Elite Win7 Ultimate Samsung 2233rz 
KeyboardPowerCaseMouse
Logitech G15 Corsair HX750 Antec Server case Razer Deathadder 
Mouse PadAudioAudio
Thermaltake LCD Mousepad Logitech 5.1 Surround Tritton AX PC Pro 5.1 Surround Headset 
CPUMotherboardGraphicsRAM
Intel q6600 @ 3.9ghz (433x9) EVGA 780i FTW evga 8200gs 512mb  4x2gb Corsair XMS TwinX 866mhz @ 5-5-5-5-18 
Hard DriveHard DriveOptical DriveCooling
2x 750gb Seagate Baracuda 7200.12 RAID0 5x 1.5tb Seagate Baracuda 7200.11 RAID5 LITE-ON 22X DVD Burner Black SATA Corsair H70 
OSMonitorKeyboardPower
Win7 Ultimate x64 22" Acer x223w Logitech G15 Corsair HX750 
CaseMouseMouse PadAudio
APEVIA MX-ALIEN Razer Deathadder Thermaltake LCD Mousepad Triton AX Pro PC 
Audio
Logitech 5.1 surround sound. 
  hide details  
Reply
post #5 of 45
If people are afraid of their precious data leaking, get a blackberry... IMO the only 'safe' smartphone out there.

*Edit* OP, hate to nag, but your post needs a tag [BBC]
Planet Express
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k Asus P8Z68-V Pro Zotac GTX 570 Mushkin Blackline DDR3-1600 8GB 
Hard DriveOSMonitorKeyboard
SSD: Intel 40gb + Kingston 64gb Windows 7 64 bit Samsung SyncMaster 24" 245BW Saitek Eclipse II 
PowerCaseMouse
Corsair TX750W Cooler Master HAF Razer Deathadder 
  hide details  
Reply
Planet Express
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k Asus P8Z68-V Pro Zotac GTX 570 Mushkin Blackline DDR3-1600 8GB 
Hard DriveOSMonitorKeyboard
SSD: Intel 40gb + Kingston 64gb Windows 7 64 bit Samsung SyncMaster 24" 245BW Saitek Eclipse II 
PowerCaseMouse
Corsair TX750W Cooler Master HAF Razer Deathadder 
  hide details  
Reply
post #6 of 45
Im confused, so with this they can gain access to your google calander and contacts?

"Private web-albums" - is that photos?

Is that it? Am I missing something here? I know potentially someone can change email addresses in contacts so they can get private information, but is that it?
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 760 @ stock will update when I get home EVGA GTX 470 @ stock 4GB G-Skill DDR3 
OSKeyboardMouse
Windows 7 Saitek Eclipse (Blue) Roccat Kone (now broken) 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 760 @ stock will update when I get home EVGA GTX 470 @ stock 4GB G-Skill DDR3 
OSKeyboardMouse
Windows 7 Saitek Eclipse (Blue) Roccat Kone (now broken) 
  hide details  
Reply
post #7 of 45
Fix the title per the rules.
post #8 of 45
Thread Starter 
Fixed title.

Sent from my Oxygen HTC Desire using Tapatalk
post #9 of 45
nothing is safe. to think that anything is safe, is just ignorant. just be smart and dont do something stupid with your toys, plain and simple.
rebirth
(14 items)
 
  
CPUMotherboardGraphicsRAM
Phenom 2 x4 955 BE Asus M4A88TD-V EVO Asus gtx560 ti (non ref) G.Skill DDR31600 x12 
Hard DriveOptical DriveCoolingOS
Western Digital 500Gb LG 22x Antec Kuhler 620 Win 7 64bit 
MonitorKeyboardPowerCase
Asus 24in Logitech g15 Corsair 650TX Corsair 600t 
MouseMouse Pad
Razor Diamondback Walmart 
  hide details  
Reply
rebirth
(14 items)
 
  
CPUMotherboardGraphicsRAM
Phenom 2 x4 955 BE Asus M4A88TD-V EVO Asus gtx560 ti (non ref) G.Skill DDR31600 x12 
Hard DriveOptical DriveCoolingOS
Western Digital 500Gb LG 22x Antec Kuhler 620 Win 7 64bit 
MonitorKeyboardPowerCase
Asus 24in Logitech g15 Corsair 650TX Corsair 600t 
MouseMouse Pad
Razor Diamondback Walmart 
  hide details  
Reply
post #10 of 45
Oh, oh my.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [BBC] Android handsets 'leak' personal data