*bump*99.7% of Android devices vulnerable to leaking personal information
A research group from Germany's Ulm University claims to have discovered a security hole present in 99.7 per cent of all Android smartphones. According to the group, mobile devices using Google's operating system could currently be exploited by hackers, allowing them to “gain full access to the [user’s] calendar, contacts information, or private web albums”.
Hackers could supposedly also view, modify and delete contacts, calendar events and private images. The research paper stresses that the flaw only affects individual users on a case-by-case basis, and is not related to any database servers like the recent high-profile hacking attack on Sony's PSN service.
"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," researchers Bastian Könings and Jens Nickels explain in a blog posted on the university's website. "The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."
The exploit was tested across a range of devices running multiple versions of Android, including 2.1, 2.2, 2.2.1, 2.3.3, 2.3.4 and 3.0.
Google (and Apple) are already in trouble with privacy and security issues, but this is bad for Google. Apple jumped on their geo-tracking issue quickly, but Google's sounds a lot more serious.