Android phones leak personal data - Canadian TV, Computing and Home Theatre Forums

Reply
 
LinkBack Thread Tools Search this Thread Display Modes

post #1 of 17 (permalink) Old 2011-05-17, 12:13 PM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
Android phones leak personal data

More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.

...

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.



hugh is offline  
Sponsored Links
Advertisement
 
post #2 of 17 (permalink) Old 2011-05-17, 12:40 PM
Veteran
 
Join Date: May 2006
Location: Calgary
Posts: 1,700
Whew! At least Nexus One and Nexus S users are OK.
rsambuca is offline  
post #3 of 17 (permalink) Old 2011-05-17, 12:44 PM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
I wonder how many phones will NEVER be updated to V 2.3.4?



hugh is offline  
 
post #4 of 17 (permalink) Old 2011-05-17, 12:46 PM
Veteran
 
Join Date: May 2006
Location: Calgary
Posts: 1,700
I would dare to guess that most android phones will never get 2.3.4. I would think that they can patch their existing OS though.
rsambuca is offline  
post #5 of 17 (permalink) Old 2011-05-17, 01:12 PM
Veteran
 
Join Date: Jun 2007
Location: /dev/null
Posts: 3,022
Google has recently announced a countermeasure to this problem...they are developing a standard by which all Android manufacturers must adhere for FW updates.

This should mitigate one of the major problems Android has suffered.
99semaj is offline  
post #6 of 17 (permalink) Old 2011-05-17, 01:41 PM
Veteran
 
Join Date: May 2007
Location: OTTAWA
Posts: 3,255
^ They better get on it. Accross the board updates regardless of carrier should be at least the option of the end user to apply...

Licenced HVAC TECH: "Without seeing your problem i can only offer suggestions, no warranty is included with my advice"
TKG26 is offline  
post #7 of 17 (permalink) Old 2011-05-17, 01:41 PM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
Hmmm, there are 100 million Android Devices out there now.

If Wireless companies are unwilling and/or unable to patch those devices then it leaves a potentially huge security hole.

A hole that could make the recent Sony issue positively benign!

Need to learn more about this but if hackers sit at hotpsots such as their local Starbucks collecting users authentication token then you could have a lot of problems pretty darn quick.



hugh is offline  
post #8 of 17 (permalink) Old 2011-05-17, 05:07 PM
Veteran
 
Join Date: Oct 2004
Location: Nepean, Ontario
Posts: 1,607
2.3.x, aka Gingerbread, is just being rolled out now, so it could take a bit before it gets applied.

Regarding Hugh's question about how many phones may never see 2.3.
Given how much of a PITA Kies is to use, it could very well mean that the average Android user may never update their phones, unless their carrier offers to patch it for them.
bgclarke is offline  
post #9 of 17 (permalink) Old 2011-05-17, 09:37 PM
Veteran
 
Join Date: Apr 2007
Location: Whitby
Posts: 2,815
This could be a huge security risk, HOWEVER, it's really only an issue when using a public network connection. and there's always a risk there.

The PSN security hole was a far bigger issue, as it affected everyone, regardless of whether you were logged in or not.

I agree, though, updates are a pain from certain mfr's. I'm glad I get mine direct. At least I know I can get fixes like this ASAP.
recneps77 is offline  
post #10 of 17 (permalink) Old 2011-05-18, 12:33 AM
Veteran
 
Join Date: Jan 2010
Posts: 1,573
As someone with an Android phone and a PS3 I am far more concerned about the PSN hacking. There is a good post about it on Gizmodo the chances of getting hacked are very very small, and if you are paranoid about it just use your network connection rather than a public wi-fi
brownstar is offline  
post #11 of 17 (permalink) Old 2011-05-18, 09:35 AM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
Telling people to turn off WiFi at Hotspots and use 3G is hardly the answer. Data is expensive over 3G so people want to use public hotspots.

The proper answer is Patch the phone.

If the carriers don't make every effort to patch the phone then they are negligent and could face some nasty class action suits.


Honestly, I think this is POTENTIALLY much bigger than PSN. Mobile phones typically contain a lot more personal information than PSN and there are far more of them.



hugh is offline  
post #12 of 17 (permalink) Old 2011-05-18, 02:55 PM
Moderator
 
Join Date: Jun 2009
Location: Toronto
Posts: 4,002
Quote:
Google has now confirmed that a fix is rolling out today, although it may take a few more days for it to cover all users (there's no action required on your part). The company's not quite out of the woods just yet, though -- while we've confirmed with Google that the fix address the issues with Calendar and Contacts, the problem with Picasa remains, and there's still no indication of a fix for it.
The fix is server-side, so we won't see any changes. I don't really care about Picasa, since I don't have anything important on there anyway, but I'm sure some people do.
TorontoColin is offline  
post #13 of 17 (permalink) Old 2011-05-18, 03:45 PM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
That`s good news!

Having said that, this should be a warning to Mobile carriers that they need to find ways to allow updates or face PR nightmares in the future.



hugh is offline  
post #14 of 17 (permalink) Old 2011-05-18, 05:52 PM
Veteran
 
Join Date: Jan 2010
Posts: 1,573
All depends on your level of paranoia, the issue was an issue but a small one at that. Any public wi-fi has the potential to be a leak point. I don't use too many public wi-fi's as I find them exceedingly slow, my plan gives 2GB of data and I never get near the limit even with d/ling updates and watching the occasional video.
brownstar is offline  
post #15 of 17 (permalink) Old 2011-05-18, 06:14 PM Thread Starter
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
I don't consider wanting a secure phone being paranoid.

I believe only a fool would use a smartphone, a tablet, a computer or any internet enabled device with known security vulnerabilities. I also believe it foolish to buy a high tech device and then turn off some of its best capabilities because you are afraid of what might happen.

Several weeks ago, it was insecure apps on Android, this week its the leaking of personal data.

I applaud Google for fixing this quickly, however, a server side fix may not be available next time so carriers and manufacturers have to plan for that when they Modify Android.

If they don't, then Android could find itself losing marketshare



hugh is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Canadian TV, Computing and Home Theatre Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools Search this Thread
Show Printable Version Show Printable Version
Email this Page Email this Page
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome