German researchers find unencrypted 'token' files moving between phone. Security researchers in Germany have detected a leak in Android phones which can be exploited by criminals to tap information being transmitted between phones.
The discovery was made by University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub. They detected the risk in Android phones when they were studying the way Android phones handled identification information for Web-based services, such as Google Calendar.
The researchers found that many of the installed aplications in Android phones worked with Google services through a digital ID in the form of an authentication token. The tokens work like cookies on computers, by storing information so that users do not have to enter details repeatedly.
The researchers say that the transfer of such tokens is risky as they are sometimes sent in unencrypted form or plain text over wireless networks. Criminals with Wi-Fi network can access these files and steal personal information, say the researchers.
The researchers also claim that the data leak happens in over 99% Android phones. Google has not commented on the matter so far.
Concerns about data collection and user privacy have reached an unprecedented high in recent months.
Last month, two British security researchers, Alisdair Allan and Pete Warden, identified that Apple iPhones had secret unencrypted files in them that tracked the movements of users without their knowledge.
Google also admitted that the company tracked movements of users as well. News that Microsoft phones also did the same followed soon.
The companies admitted to such practices. However, they said that they were doing so to offer better services to users. Apple issued an update last month that offered users to opt out of location tracking.
The discovery was made by University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub. They detected the risk in Android phones when they were studying the way Android phones handled identification information for Web-based services, such as Google Calendar.
The researchers found that many of the installed aplications in Android phones worked with Google services through a digital ID in the form of an authentication token. The tokens work like cookies on computers, by storing information so that users do not have to enter details repeatedly.
The researchers say that the transfer of such tokens is risky as they are sometimes sent in unencrypted form or plain text over wireless networks. Criminals with Wi-Fi network can access these files and steal personal information, say the researchers.
The researchers also claim that the data leak happens in over 99% Android phones. Google has not commented on the matter so far.
Concerns about data collection and user privacy have reached an unprecedented high in recent months.
Last month, two British security researchers, Alisdair Allan and Pete Warden, identified that Apple iPhones had secret unencrypted files in them that tracked the movements of users without their knowledge.
Google also admitted that the company tracked movements of users as well. News that Microsoft phones also did the same followed soon.
The companies admitted to such practices. However, they said that they were doing so to offer better services to users. Apple issued an update last month that offered users to opt out of location tracking.
0 comments:
Post a Comment