Wednesday, 18 May 2011 01:37

User Login Vulnerability Found In 99% of Android Handsets

Research from multiple universities is now warning that almost all smartphones running Google’s Android software could be giving third parties access to digital tokens that unlock services such as Google Calendar and Contacts. The issue seems to affect all devices running versions of Android prior to 2.3.3 and is related to the handling of the authentication protocol ClientLogin.

According to researchers at the German University of Ulm, once a user enters their credentials, the programming interface retrieves its token in clear text. The token is valid for 14 days, which gives attackers a window in which they could use their newfound access however they like. The whole process seems to be relatively easy to exploit, according to the researchers. “We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” the researchers said. “The short answer is: Yes, it is possible, and it is quite easy to do so.”

The results come after a professor at Rice University demonstrated a similar flaw affecting Facebook, Twitter, and once again Google Calendar. This time, though, the hack could only be carried out on an unsecured Wi-Fi network. Google has patched that specific hole in Android 2.3.4 but failed to plug the hole when it comes to Picasa, which allows web albums to potentially transmit sensitive data in the clear. As of right now, Google claims to be working on a fix.

Android’s fragmentation issues further exacerbate potential security holes, because fragmentation causes phones to remain on older software long after patches have been released. With carriers and device manufacturers insisting on meddling with Google’s operating system, updates can take several months to get past their own software engineers. This results in a massive 99% of Android devices still being wide open to being hacked.

Google recently mentioned that it will work more closely with carriers to try to reduce the time it takes for updates to be rolled out fully.
