Security flaw 'affects 99% of Android devices'

Security flaw 'affects 99% of Android devices'

By Rob Crossley

May 18th 2011 at 10:54AM

Google mobile operating system can send unencrypted personal data, study claims

A harmful security hole has been discovered in 99.7 per cent of all Android smartphone devices, a research group has warned.

Mobile devices using Google’s Android operating system currently have a weak link where hackers can “gain full access to the [phone’s] calendar, contacts information, or private web albums”.

The hacking process, said to be relatively straightforward, is also believed to allow unauthorised users to view, modify or delete any contacts, calendar events, or private pictures.

The allegation comes weeks after one of the most high-profile security scares in the digital age.

Last month Sony’s PlayStation Network and online games servers were breached, compromising the sensitive details of over 100 million accounts.

In a new research paper, Germany's University of Ulm said the Google security flaw only affects individual users on a case-by-case basis, as opposed to an entire database server.

Yet the university found that some Android applications transmit unencrypted data, easily allowing others to eavesdrop any transmitted information.

Researchers underwent a test to see if they could hack into Android data using a simple third-party application.

“We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” read a research blog.

“The short answer is: Yes, it is possible, and it is quite easy to do so.”

The hack was tested on Android versions 2.1, 2.2, 2.2.1, 2.3.3, 2.3.4 and 3.0. Devices used in the test included the Nexus One, HTC Desire, HTC Incredible S, and newly released tablet the Motorola XOOM.

From this it was discovered that “99.7% of all Android smartphones” could be hacked.

More details on the research can be found here.