Android handsets 'leak' personal data

[Vorbis]

BBC News - Android handsets 'leak' personal data

Bad publicity.

 

[Joe Dirt]

It was fixed on 2.3.4. I'm covered.

 

[AndroidSPCS]

Thanks for the link. It is unacceptable to have security flaws like this that put people at risk. Google needs to fix it in all versions of Android.

 

[.Johnathan]

It was fixed on 2.3.4. I'm covered.

You're covered and that's good for you but what about everyone else/ Google needs to fix this NOW!

 

[sonofaresiii]

We all realize this isn't an account of someone just getting online and hacking your phone, right? I could be wrong, but they need to hack your wifi first. Not that that makes it okay, but the danger is SIGNIFICANTLY smaller if you consider that someone has to connect to your wifi while you're on it to get any of this information. It's not like this information is available to anyone who wants it.

 

[krouget]

You're covered and that's good for you but what about everyone else/ Google needs to fix this NOW!

Google did 'fix' it in their latest update (with the exception of the Gallery, since it's handled by cooliris).

The problem is Android fragmentation, and "everyone else" running older versions of Android. If there were ever an argument to address the fragmentation issue, this is it...in which case, it involves more than just Google.

 

[Guamguy]

In order for this to happen, you have to be spoofed into using a public hotspot that's made by the hacker's. Kind of like a hotspot that is pretending it is Starbuck's but its not actually.

If you think about it, the chances of this happening is small. Not unless you want to connect to any public hotspot in the street or in the mall. Or like your phone's wifi is set always on On all the time and you get entries for "linksys" and "netgear" which will link to any "linksys" or "netgear" that is open and has no authorized password.

Why it does not happen --- but you need to be very prudent just in case:

1. You need to manually accept a wifi connection
2. Most public wifi hotspots are passworded themselves. In other words, they are more scared of people like you,.
3. You need to go around with your phone's wifi set on on. But most Android users are consciously trying to save battery as much as they can, it's set off.
4. This won't happen if your phone is always set only for EDGE, 3G, H, or 4G for internet connection.

Anyway, its always a prudent idea to be careful of sharing not just your phone, but even your laptop on a public wifi area. If you are in a public wifi, you can also close background updates and auto-sync, so only your foreground app is allowed to transmit.

 

[Deleted User]

BBC News - Android handsets 'leak' personal data

Bad publicity.

Here's a more comprehensive article The Official Lookout Blog | Critical Android Vulnerability: Use Precaution on Public WiFi

 

[dylo22]

In order for this to happen, you have to be spoofed into using a public hotspot that's made by the hacker's. Kind of like a hotspot that is pretending it is Starbuck's but its not actually.

That's not entirely true. An attacker doesn't have to create a hotspot for this to work. It can pretend to be the gateway by doing ARP spoofing/poisoning. Since by design ARP does not have any authentication, any host within the same subnet can respond to an ARP request pretending to be the router. This is the same way how many man in middle attacks operates.

I do agree though that chances of this happening is low. However, the possibility is there and we should be careful. Really the best way to prevent this is not to use public wifis.

 

[ardchoille]

Google is responding to the problem.

 

[Guamguy]

Fixed by a server side patch and an invisible "update" pushed to the phones.

 

[ShadowUlcer]

You're covered and that's good for you but what about everyone else/ Google needs to fix this NOW!

The way they fix these things is THROUGH updates...you need to update to get the patch.

 

[zuben el genub]

Fixed by a server side patch and an invisible "update" pushed to the phones.

So how do you know if it got pushed or not?

 

[Guamguy]

You don't. It looks to me that the article I'm reading this from didn't seem to get it right though. The fix appears to be entirely on the back end on the server side.

 

[Enraged21]

what if im on evervolv rom? Its android 2.3.3. Does that make me still vulnerable? Not that im worried