Sponsored By

Nearly all Android-based smartphones were susceptible to a security hack allowing third parties to access a user's private information, calendar and contacts, according to research.

Frank Cifaldi, Contributor

May 18, 2011

1 Min Read

Nearly all Android-based smartphones were susceptible to a security hack allowing third parties to access a user's private information, calendar and contacts, according to research. Researchers at Germany's ULM University have discovered that all Google services using the company's ClientLogin API could have, until recently, been accessed remotely by third-party hackers, through methods the researchers say affected 99.7 percent of Android devices and are "quite easy" to perform. The method is described as being similar to cookie theft, or "sidejacking," the method used by the infamous Firesheep plug-in for the Firefox web browser. It essentially captures unencrypted data that is "not bound to any session or specific device information," allowing third parties to bypass traditional login requirements and instantly access a user's information. According to the report, the attack would give the hacker full access to view, modify and delete contacts, calendar events, and private pictures. Google responded to the findings, telling Edge Online that it was aware of the issue, and has "already fixed it for calendar and contacts in the latest versions of Android," and that it is still working on fixing Picasa, its photo storage and sharing service. Google also refuted the 99.7 percent figure, saying the exploit could only be used in very specific circumstances that are not necessarily likely.

About the Author(s)

Frank Cifaldi

Contributor

Frank Cifaldi is a freelance writer and contributing news editor at Gamasutra. His past credentials include being senior editor at 1UP.com, editorial director and community manager for Turner Broadcasting's GameTap games-on-demand service, and a contributing author to publications that include Edge, Wired, Nintendo Official Magazine UK and GamesIndustry.biz, among others. He can be reached at [email protected].

Daily news, dev blogs, and stories from Game Developer straight to your inbox

You May Also Like