Talented engineers at ULM University Germany exposed a security flow with Googleâs Android Operating System. The flaw apparently affects 97% of the Google Android users all over the world. Chances are that if you are using Google Android phone, your data may easily land in hackerâs hand without your knowledge. This data may be about your contact list, calendar events and other private information. The engineers toyed with Googleâs ClientLogin API which apparently gives remote access to third party hackers enabling them to steal your data.
Dan Wallach in his blog post outlined the security risks in using Android smartphones over a wi-fi network. He discovered that some of the Android applications transferred the data over the network insecurely, making it possible for a hacker to gain access to it. These apps included popular Facebook & Twitter apps along with Googleâs own Calendar App for Android which transferred data without encryption over the open wi-fi entwork. Dan mentioned that an eavesdropper can easily see your calendar transactions and impersonate you to Google Calendar. He also found the same flaw with Google Contacts. The University researchers took pointers from Danâs post and explored further. They launched impersonation attack against Google services and came to a conclusion that theoretically any Google service using the ClientLogin API can be easily hacked and users data can be stolen.
Hack In The Box
Comments
There are no comments for this post.
Write a Comment