Google's Android mobile operating system 'easy to hack'
A German tech security researcher has shown that Google’s mobile phone operating system Android can easily by hacked if the user is connected to a public internet connection – allowing all their data be accessed.
“You don’t have to have a specialist to do this, it is well-documented by Google. The attacks are very simple,” Bastian Könings, who works at Ulm University, told Der Spiegel.
All the contacts, diary dates and even photos contained on a hacked phone can easily be looked at and even altered – and not only for the period of time the hacker and the hacked are on the same network, he said.
A potential hacker has only to use Google’s interface for external developers, he said. All that is necessary is to log onto a public wireless internet connection such as those found in cafes, airports or hotels.
This gives access to all android mobiles logged onto the same connection. The hacker can catch anything being floated over the Google cloud services, including the ‘tokens’ – authentication data. These remain unchanged for up to two weeks, said Könings, and grant continuing access to a phone even when the public internet session is over.
Business competitors could use such information, just as stalkers could, and even criminals who want to know when someone is definitely going to be away from home.
"We know about this and have been able to solve it in the latest Android versions for calendar and contacts and are working on solving it for Picasa too," a Google spokesman said.
Könings said he had told the company of his findings a while ago but had not received much reaction.
The Local/hc
Comments
See Also
“You don’t have to have a specialist to do this, it is well-documented by Google. The attacks are very simple,” Bastian Könings, who works at Ulm University, told Der Spiegel.
All the contacts, diary dates and even photos contained on a hacked phone can easily be looked at and even altered – and not only for the period of time the hacker and the hacked are on the same network, he said.
A potential hacker has only to use Google’s interface for external developers, he said. All that is necessary is to log onto a public wireless internet connection such as those found in cafes, airports or hotels.
This gives access to all android mobiles logged onto the same connection. The hacker can catch anything being floated over the Google cloud services, including the ‘tokens’ – authentication data. These remain unchanged for up to two weeks, said Könings, and grant continuing access to a phone even when the public internet session is over.
Business competitors could use such information, just as stalkers could, and even criminals who want to know when someone is definitely going to be away from home.
"We know about this and have been able to solve it in the latest Android versions for calendar and contacts and are working on solving it for Picasa too," a Google spokesman said.
Könings said he had told the company of his findings a while ago but had not received much reaction.
The Local/hc
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.