Crikey! Open source Android might be just a wee bit too open with your data

Subject: General Tech | May 17, 2011 - 01:23 PM
Tagged: Android, security, clientlogin, impersonation, fud

Researchers at Germany's University of Ulm have discovered a vulnerability in ClientLogin, Android's authentication protocol, which should protect your login credentials for apps like your contact list and your calendar. It seems that while your request is encrypted, the response, which includes your credentials, is sent back in plain text, and those credentials remain valid for 2 weeks. The new versions of Android have fixed this flaw, but according to the story at The Register, connections to Picasa still return in plain text.

 


"The vast majority of devices running Google's Android operating system are vulnerable to attacks that allow adversaries to steal the digital credentials used to access calendars, contacts, and other sensitive data stored on the search giant's servers, university researchers have warned."


Source: The Register
May 17, 2011 | 02:53 PM - Posted by Tim Verry

ha, nice graphic :P
