Android phones vulnerable to hackers !
Handsets using Google's operating system can allow hackers to access calendars, contacts and private pictures, they claim.
Only the latest phones have had the data leak plugged, meaning 99.7 per cent of Android handsets are vulnerable.Handsets using Google's operating system can allow hackers to access calendars, contacts and private pictures, they claim.
'We wanted to know if it is really possible to launch an impersonation attack against Google services,' the German researchers wrote. 'The short answer is yes, it is possible and it is quite easy to do so.
'The adversary can gain full access to the calendar, contacts information or private web albums of the respective Google user.
'This means that the adversary can view, modify or delete any contacts, calendar events or private pictures.'
The research was carried out by a University of Ulm team, who studied how Android dealt with log-ins for web-based services. When a user needs to access Google calendar, contacts and photo apps, an authentication 'token' is retrieved.
But the tokens are sent unencrypted in plain text over non-secure networks.
Hackers watching wi-fi traffic can easily spot a token, which is valid for two weeks, and use it to pose as the phone owner.
The researchers discovered the flaw in Android versions on devices such as HTC Desire, Nexus One and Motorola XOOM.
They also believe hackers could easily collect large number of tokens by setting up their own 'evil twin' wireless network.
The flaw has been fixed in just 0.3 per cent of phones – those running the latest Android 2.3.4 system.
Graham Cluley, from security firm Sophos, said the wide range of Android phones made it harder to keep them up to date with system fixes. 'This inevitably leaves them open to security problems,' he added.