Android Phones 'Leak Personal Data'
Millions of Android smartphones are vulnerable to hackers stealing users' personal information, researchers have said.
The report, from the University of Ulm , claims that handsets using Google's operating system are open to a data leak which leaves their calendars, contacts and pictures exposed.
Hackers can tap into the transfer of information between the phones and the internet, gaining access to the personal data.
Only the latest phones with system version 2.3.4 have had the leak plugged, meaning that 99.7% of handsets could be targeted.
"We wanted to know if it is really possible to launch an impersonation attack against Google services," the German researchers wrote.
"The short answer is yes, it is possible and it is quite easy to do so."
They added that once access had been gained, a hacker could view, modify or delete any contacts, calendar events or private pictures.
But there is no evidence to date that any hackers had taken advantage of the loophole, the researchers added.
Many applications on Android phones use authentication tokens, which removes the need to keep logging into a service each time it is accessed.
A hacker monitoring one of the phones on a wi-fi network would be able to steal the token, and use the information to log onto websites.
The flaw was discovered in phones such as HTC Desire, Nexus One and Motorola XOOM.
A spokesperson for Google said: "We are aware of this issue, and have already fixed it for calendar and contacts in the latest versions of Android.
The report, from the University of Ulm , claims that handsets using Google's operating system are open to a data leak which leaves their calendars, contacts and pictures exposed.
Hackers can tap into the transfer of information between the phones and the internet, gaining access to the personal data.
Only the latest phones with system version 2.3.4 have had the leak plugged, meaning that 99.7% of handsets could be targeted.
"We wanted to know if it is really possible to launch an impersonation attack against Google services," the German researchers wrote.
"The short answer is yes, it is possible and it is quite easy to do so."
They added that once access had been gained, a hacker could view, modify or delete any contacts, calendar events or private pictures.
But there is no evidence to date that any hackers had taken advantage of the loophole, the researchers added.
Many applications on Android phones use authentication tokens, which removes the need to keep logging into a service each time it is accessed.
A hacker monitoring one of the phones on a wi-fi network would be able to steal the token, and use the information to log onto websites.
The flaw was discovered in phones such as HTC Desire, Nexus One and Motorola XOOM.
A spokesperson for Google said: "We are aware of this issue, and have already fixed it for calendar and contacts in the latest versions of Android.
