My Favorites

 

Loading..

 

This area does not yet contain any content.
Hire Me!
Hire Me! Hire me for your writing assignment or event. I'm reasonable and reliable. Also looking for additional writing gigs. Email me at rclimpert003@yahoo.com

Based in Atlanta, GA - Rick Limpert is an award-winning writer, a best-selling author, and a featured sports travel writer.

Named the No. 1 Sports Technology writer in the U.S. on Oct 1, 2014.

Entries in Security flaw (1)

Wednesday
May182011

Security Hole Found in Android Phones

A recent report says some 99.7% of Android devices in circulation are vulnerable to an attack that could compromise sensitive data transmitted over a wireless network connection. The hole reportedly stems from a flaw in Google's ClientLogin authentication protocol, which verifies communication between Android devices and applications.

To use ClientLogin, an app requests an authentication token (authToken) from the Google service by passing an account name and password over an HTTPS connection. The returned authToken can be used for any subsequent request to the service API and in addition to remaining valid for up to two weeks, it's not bound to any session or device-specific information.

Those attributes wouldn't be an issue if attackers couldn't obtain an authToken, but that isn't the case.

The article notes that many applications can send such data over an unencrypted HTTP connection, making it easy for unsavory types to obtain the authToken with software utilities such as Wireshark.

I'm sure they are working on fixing this at this moment.  Androis users, look for an update or updates soon.