Wednesday, May 18, 2011

Affecting 99% of the Android Users Danger!



If you are using a phone with the Android mobile operating system is a serious security issue can be faced with. University of Ulm in Germany, the Media Institute of Informatics 'at the official investigators, using a vulnerability in Google's operating system, helped to define the user's passwords geçirilebiliyor addressed.

Konings Bastian, Jens Florian Nickels and his researchers Schaub, Dan talked about the risks for the security of Wallach'ın Android blog post and decided to research the matter further, unfortunately, was right Wallach'ın discovered. The research results of the user's password to get Android all versions 2.3.3 and earlier is extremely easy.

Grave of business people using Google's own published statistics will be looking at this issue at the moment 99% of the users of vulnerable versions of the Android 's over ...

Internet access points of vulnerability as a basis during the non-secure WiFi is emerging. Most phones are automatically discovered previously familiar ports provide connectivity and Gmail, Facebook, Google Calendar syncing applications such as the automatic start. According to results of the study revealed at this point who sought ClientLogin intervening protocol, and verifying information on the device, known as authToken feature that allows the storage of these passwords are able to achieve. Moreover, for any reason, even if the application and the server encrypts the password verification fails can pass into the hands of still others.

Realizing Status, Google's Android security vulnerability with 2.3.4 update eliminated. Stated that this is a problem in version 3.0. But unfortunately, these are two versions currently in use even less than 1% of all the versions of Android with a utilization rate. There are currently sold in Turkey is considered the Android version of the Android devices, 2.2 or 2.2.1 if you think that our country is likely to be higher than this figure.

So what can be done?
First of all, the Android version 2.3.4 if possible at the first opportunity to see the upgrade (this version innovations following entry, review). In this update unless I do not have password protection to stay away from public WiFi networks, applications to keep off the automatic synchronization feature (which is contrary to the nature of most applications does not seem unlikely), and the more secure HTTPS instead of HTTP connections as possible is useful to prefer.

No comments:

Post a Comment