London: A team of security experts at the University of Ulm in Germany has discovered that the millions of smartphones which use the Android software promoted by Google are susceptible to leak data to criminals looking to launch an impersonation attack. They found that hackers can tap into the transfer of information between the phones and the Internet, gaining access to personal data, reports the Daily Mail.
Many applications on Android phones interact with Google services by asking for an authentication token – essentially a digital ID card for particular application. The token removes the need to keep logging into a service each time you need to access it.
It is claimed that a hacker monitoring an Android smartphone connected to the Internet via an unencrypted Wi-Fi network would be able to steal the token.
In theory, the hacker would then use the information to log on to websites using the identity of the phone’s legitimate user.
In a blog posting on their findings, the researchers said: “The adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user.”
They added: “An adversary could change the stored e-mail address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.”
The researchers said while they had identified a security loophole there is no evidence, to date, that any hackers are taking advantage of it.
Most smartphone manufacturers other than Apple use the Android operating system.
First Published: Wednesday, May 18, 2011, 12:19