According to researchers at Germany’s Ulm University, almost every Android-powered smartphone is susceptible to a major security flaw that would allow third parties to access a user’s private information, calendar, and contacts. The discovery comes after skilled programmers experimented with every Google service using the company’s ClientLogin API, which apparently gives third-party hackers the ability to access devices remotely. The researchers say that 99.7 percent of Android devices are currently vulnerable.
The method, which has been described as being similar to cookie theft, is called “sidejacking,” the same technique used by the infamous Firesheep plug-in for the Firefox web browser. It captures unencrypted data that is “not bound to any session or specific device information,” which gives third parties the ability to bypass traditional login requirements and access any user’s information. According to the report filed by the German researchers, a large-scale attack could give a hacker full access to view, modify, and delete contacts, calendar events, and private images.
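As an added example (not from the researchers’ report or from Google), the following Python sketch audits a list of outbound requests for credentials sent without TLS, which is the condition that makes sidejacking possible. The request records, host names and token values are constructed placeholders; the `Authorization: GoogleLogin auth=` header form is the one ClientLogin used to carry its token.

```python
from urllib.parse import urlsplit

# Headers that carry a reusable credential (a bearer-style token or a session cookie).
CREDENTIAL_HEADERS = {"authorization", "cookie"}

# Constructed sample, e.g. exported from a test proxy while exercising an app.
# Hosts and token values are placeholders, not real data.
SAMPLE_REQUESTS = [
    {"url": "http://calendar.example.test/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=PLACEHOLDER_TOKEN_A"}},
    {"url": "https://contacts.example.test/feeds/default",
     "headers": {"authorization": "GoogleLogin auth=PLACEHOLDER_TOKEN_B"}},
    {"url": "http://photos.example.test/data/feed",
     "headers": {"Cookie": "SID=PLACEHOLDER_SESSION"}},
    {"url": "http://static.example.test/logo.png",
     "headers": {"User-Agent": "sample-client/1.0"}},
]


def cleartext_credential_findings(requests):
    """Return (host, header, kind) for every credential sent over a non-TLS URL.

    The credential value itself is never copied into the finding, so the
    audit output can be shared without leaking the token.
    """
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        if parts.scheme.lower() == "https":
            continue  # protected in transit; not observable on the network
        for name, value in req["headers"].items():
            header = name.lower()
            if header not in CREDENTIAL_HEADERS or not value.strip():
                continue
            # For Authorization, record only the scheme word (e.g. "GoogleLogin").
            kind = value.split(None, 1)[0] if header == "authorization" else "cookie"
            findings.append((parts.hostname, header, kind))
    return findings


if __name__ == "__main__":
    for host, header, kind in cleartext_credential_findings(SAMPLE_REQUESTS):
        print(f"cleartext credential: host={host} header={header} kind={kind}")
```

Any finding means the credential can be replayed by whoever observes the connection, because nothing ties it to the session or device that obtained it.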
In a formal response to the university’s claims, Google said that it was aware of the issue and has “already fixed it for calendar and contacts in the latest versions of Android,” and that it is still working on fixing its photo storage and sharing service, Picasa. The representative also stated that the 99.7 percent figure was incorrect, explaining that the exploit could only be used in very specific circumstances.
Google also issued a public statement in which the company announced plans to roll out a fix over the air that would address earlier versions of Android to ensure that they are safe from the exploit:
Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.
What do you think about Google’s major security flaw? If you are an Android user, will this affect how you use your device on a daily basis? If you were considering purchasing an Android-powered gadget, will this affect your decision? Sound off in the comments below.