Report: 99.7 percent of Android Phones Contain Security Hole

May 18, 2011

A new report claims that around 99.7 percent of phones using Google's mobile operating system contain a security hole that can enable hackers to send unencrypted personal data. Mobile devices using the Android operating systems have a weakness that could allow hackers to gain "full access" to private information such as calendar, contact information, and "private web albums,” according to a research group from Germany's University of Ulm. The security hole could also give hackers the ability to view, modify or delete contacts, calendar events, and private pictures. Thankfully, the security flaw only affects individual phones.

In a new research paper, researchers at the University of Ulm detailed the flaw, testing it for vulnerabilities. They found that some Android applications could transmit unencrypted data, allowing others to "eavesdrop" any of the transmitted information. Researchers were tested to see if they could hack into Android data using a simple third-party application. Apparently they found a lot of success in completing the exercise.

“We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” researchers said. “The short answer is: Yes, it is possible, and it is quite easy to do so.”

The hack was tested on various versions of the Android operating system including 2.1, 2.2, 2.2.1, 2.3.3, 2.3.4 and 3.0. Phones used in the test included the Nexus One, HTC Desire, HTC Incredible S, and newly released tablet the Motorola XOOM.

Source: Develop

Comments

Re: Report: 99.7 percent of Android Phones Contain Security ...

Submitted by Technogeek on Wed, 05/18/2011 - 15:00.

It's already being fixed

Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
E. Zachary KnightGamasutra explores the failure of Streetfighter X Tekken and has one of the best arguments against on-disk DLC I have ever read: http://tinyurl.com/d399ylu05/25/2012 - 1:46pm
ddrfr33kabout the xbox live hacks from last year, now we know: http://kotaku.com/5913228/report-how-scammers-are-stealing-xbox-live-accounts-and-what-they-do-with-them05/25/2012 - 12:31pm
tallimarhttp://news.cnet.com/8301-1035_3-57440902-94/microsoft-legal-win-over-google-may-signal-ceasefire/05/24/2012 - 10:17pm
ZippyDSMleeTIme or an operation!05/24/2012 - 6:43pm
ZippyDSMleePC parts are in wish me luck or hell!!05/24/2012 - 6:43pm
MaskedPixelante38 Studios and Big Huge Games are pretty much dead now. http://www.joystiq.com/2012/05/24/38-studios-and-big-huge-games-lay-off-entire-staffs05/24/2012 - 4:39pm
DorthLousActually, nop, I did miss the emoticon for some reason (getting used to pics?) and I didn't know you changed it since (since I posted previous to my shout and it was still there.) Anyhow, thanks for taking it out!05/23/2012 - 6:01pm
james_fudgeWell we were just testing it. but it is still on the submission to fight $pam.05/23/2012 - 5:48pm
E. Zachary KnightJames, No I don't have it. I was just wondering who does and why. More curiosity than anything.05/23/2012 - 5:38pm
james_fudgeDid you not see the emoticon and did you not see that it has already been changed back?05/23/2012 - 5:10pm
james_fudgeLOL05/23/2012 - 5:07pm
DorthLousWhy? Not shocked that people are barking to an additional hoop to jump through when posting from their already logged in account or just mentionning this to try to paint me as one always complaining?05/23/2012 - 4:45pm
james_fudgebig shock there ;)05/23/2012 - 4:30pm
DorthLousI'll add my voice to those wanting it gone :S I'm already logged in, I don't need a captch'a. That's for those registering.05/23/2012 - 3:54pm
james_fudgeEt tu EZK?!?05/23/2012 - 3:51pm
Craig R.I'm a One Man Quorum! And it's working for me now, thanks. :)05/23/2012 - 3:48pm
E. Zachary KnightHow do we determine who get's the game/captcha thingy? Is there a certain posting threshhold users have to meet before it is turned off?05/23/2012 - 2:25pm
james_fudgeGive it a chance, we're still adjusting it ;)05/23/2012 - 11:20am
james_fudgeOne does not a Quorum make Craig.05/23/2012 - 11:16am
Craig R.If I complete the stupid game, and it just deletes my comment, what's the point?05/23/2012 - 11:15am
All shouts

Be Heard - Contact Your Politician