Tuesday, May 17, 2011

Android Data Vulnerability

A security tip for my fellow Android users...

There is a security vulnerability that affects all Android 2.3.3 or earlier devices, caused by how Google's ClientLogin authentication protocol is used. ClientLogin was designed to make apps safer: an app sends your username and password to Google's servers once, over HTTPS, and gets back an authentication token that it presents on every later request instead of your password. The flaw is not in that one-time login but in what happens afterwards. On these Android versions the built-in Calendar and Contacts sync (and Picasa web album sync) reused the token over plain, unencrypted HTTP, and a ClientLogin token stays valid for up to 14 days. Any third-party app that talks to Google services via ClientLogin over HTTP has the same exposure. So a hacker can set up a rogue Wi-Fi hotspot, or simply sit on an open network, and grab the token in the clear the moment your phone joins and syncs; with it they can read and change your calendar and contacts until the token expires, without ever learning your password. To be precise about the trigger: the phone does have to actually join the attacker's network. Merely searching for available networks does not transmit the token. The catch is that Android automatically reconnects to any network name it remembers, so an attacker who names their hotspot after a common open network (a coffee-shop or airport SSID you once used) can get your phone to join it without you touching anything.
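To make that mechanism concrete, here is an added Python example (written for this page; it is not code from the original post, from Google or from Android). It models the two halves of the problem: the one-time login reply that hands back an Auth token, and the later plain-HTTP sync request that carries that token in an Authorization header where a passive sniffer on a hotspot can read it. All traffic and token strings are constructed placeholders; the only thing taken from the real protocol is the header format, `Authorization: GoogleLogin auth=<token>`, which is what Google's ClientLogin documentation specifies.

```python
"""
Constructed illustration of the ClientLogin exposure:
(1) the one-time credential exchange returns an Auth token, and
(2) an app then reuses that token in a plain HTTP request header, where a
passive sniffer on a rogue hotspot can read it.  Hypothetical data only.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Header an app sends on every API call once it holds a ClientLogin token
# (format from Google's ClientLogin documentation):
#   Authorization: GoogleLogin auth=<token>
CLIENTLOGIN_HEADER = re.compile(
    rb"^Authorization:[ \t]*GoogleLogin[ \t]+auth=([^\r\n]+)",
    re.IGNORECASE | re.MULTILINE,
)
# A readable HTTP/1.x request line; TLS records never match this.
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/1\.[01]\r\n")


@dataclass
class Segment:
    """One application-layer payload as a passive sniffer sees it."""
    dst_host: str
    dst_port: int
    payload: bytes


def parse_clientlogin_response(body: bytes) -> Dict[str, str]:
    """Parse the key=value lines a successful ClientLogin reply contains
    (SID, LSID, Auth).  Only the Auth value is reused as the API token."""
    fields: Dict[str, str] = {}
    for line in body.decode("ascii", "replace").splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def find_leaked_tokens(segments: List[Segment]) -> List[Dict[str, str]]:
    """Return every ClientLogin token visible in plaintext HTTP requests.

    The check works only on what is readable on the wire: TLS ciphertext
    never matches the request-line regex, so tokens sent over HTTPS are
    (correctly) not reported.
    """
    leaks: List[Dict[str, str]] = []
    for seg in segments:
        req = HTTP_REQUEST_LINE.match(seg.payload)
        if not req:
            continue  # not a readable HTTP request (e.g. TLS records)
        for m in CLIENTLOGIN_HEADER.finditer(seg.payload):
            leaks.append({
                "host": seg.dst_host,
                "port": str(seg.dst_port),
                "path": req.group(2).decode("ascii", "replace"),
                "token": m.group(1).decode("ascii", "replace").strip(),
            })
    return leaks


def redact(token: str, keep: int = 6) -> str:
    """Print-safe form of a token for reports."""
    return token[:keep] + "..." if len(token) > keep else token


# --- Constructed sample data (not real traffic, not a real token) ---------
FAKE_TOKEN = "DQAAAMYAAADconstructedTokenForIllustration0123456789"

# What the one-time HTTPS login returns in its body.
SAMPLE_CLIENTLOGIN_RESPONSE = (
    b"SID=DQAAAGgAconstructedSid\n"
    b"LSID=DQAAAGsAconstructedLsid\n"
    b"Auth=" + FAKE_TOKEN.encode("ascii") + b"\n"
)

# What a sniffer on the hotspot sees afterwards.
SAMPLE_CAPTURE = [
    # The login itself happens over TLS: opaque bytes, nothing to read.
    Segment("www.google.com", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x01"),
    # Contacts sync on the vulnerable versions: plain HTTP, token in the clear.
    Segment("www.google.com", 80,
            b"GET /m8/feeds/contacts/default/full HTTP/1.1\r\n"
            b"Host: www.google.com\r\n"
            b"Authorization: GoogleLogin auth=" + FAKE_TOKEN.encode("ascii") + b"\r\n"
            b"GData-Version: 3.0\r\n\r\n"),
    # The same sync after the fix (HTTPS): ciphertext again.
    Segment("www.google.com", 443, b"\x17\x03\x01\x01\x2c\x8a\x1f"),
    # An unrelated plaintext request carrying no credential.
    Segment("example.com", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]


if __name__ == "__main__":
    token = parse_clientlogin_response(SAMPLE_CLIENTLOGIN_RESPONSE)["Auth"]
    print("token issued by login:", redact(token))
    for leak in find_leaked_tokens(SAMPLE_CAPTURE):
        print(f"EXPOSED: {leak['host']}:{leak['port']} {leak['path']} -> {redact(leak['token'])}")
```

Run it and only the port-80 contacts sync is reported; the login and the post-fix HTTPS sync are ciphertext to the sniffer, which is the whole point of the patch. The same `find_leaked_tokens` logic, fed real captured payloads instead of the constructed list, is a quick way to audit whether any app on a device still sends a ClientLogin token over plain HTTP.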

The good news is that the practical attack needs the hacker to sit on the network path between your phone and Google, which is trivial on Wi-Fi and very hard on 3G or 4G (the token travels unencrypted there too, but intercepting carrier traffic is not something a hotspot-in-a-backpack attacker can do). And there is an easy fix until the patched system version (Android 2.3.4 or later) reaches your device: turn off Wi-Fi when you are not around a known, secure network, and remove any open networks from your phone's remembered list so it won't rejoin a look-alike hotspot on its own. Not only should this be a common-sense security practice (open networks are not private, hence the name) but it will also save on battery power.

The more you know...
