Tuesday, May 17, 2011

Android has a loophole that may affect 99% of handsets


With Oktoberfest still a long way off, researchers at the University of Ulm in Germany have been digging into how Android handles user data. What they found is not good news: they identified a process that could allow criminals to gain access to a range of information.


According to The Next Web, the problem boils down to how Android uses its authentication protocol (called ClientLogin) to pull e-mail, contact and calendar information from the Google cloud. Once the user enters a user name and password, the system sends tokens in plain text (our dear old clear text), which makes them much easier to intercept.

This security hole affects 99% of smartphones running Android, because it exists in every version of Android from the first one up to version 2.3.3. Criminals could obtain users' data going back up to 14 days, provided that the communication relies on clear-text tokens.

To fully exploit the gap, the device must first of all be connected to a wireless network without encryption. By way of comparison, the data theft could be carried out much like Firesheep, which detects unsecured data traveling over an unsecured network.

Google is already aware of the threat, which is addressed by a patch in the Android 2.3.4 update, whose release date has not yet been announced. And what about users of earlier versions of the mobile platform? For now, they are left out.
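
For anyone who wants to check their own apps or proxy logs for the condition described above, here is an added example (not code from the researchers, Google or The Next Web) that flags requests carrying a ClientLogin token over plain HTTP and marks Android versions up to 2.3.3 as affected. The `Authorization: GoogleLogin auth=...` header form comes from Google's ClientLogin documentation rather than from this post; the host names, tokens and function names are constructed for illustration.

```python
"""Audit an outbound-request log for ClientLogin tokens sent without TLS."""
import re
from urllib.parse import urlsplit

# Header form used by ClientLogin (assumption from Google's docs, not this post).
TOKEN_HEADER = re.compile(r"^GoogleLogin\s+auth=(\S+)$", re.IGNORECASE)

# Last affected release according to the post; 2.3.4 carries the patch.
LAST_AFFECTED = (2, 3, 3)

# Constructed sample log of (URL, headers) pairs: hosts and tokens are fake.
SAMPLE_LOG = [
    ("http://calendar.example.test/feeds/private",
     {"Authorization": "GoogleLogin auth=EXAMPLE-TOKEN-AAAA"}),
    ("https://contacts.example.test/feeds/full",
     {"Authorization": "GoogleLogin auth=EXAMPLE-TOKEN-BBBB"}),
    ("http://static.example.test/index.html", {"Accept": "text/html"}),
    ("HTTP://calendar.example.test/feeds/private",
     {"authorization": "googlelogin auth=EXAMPLE-TOKEN-CCCC"}),
]


def redact(token):
    """Keep a short prefix so findings can be correlated without storing the token."""
    return token[:4] + "..." if len(token) > 4 else "..."


def find_cleartext_tokens(log):
    """Return one finding per request that sends a ClientLogin token without HTTPS."""
    findings = []
    for url, headers in log:
        scheme = urlsplit(url).scheme.lower()
        for name, value in headers.items():
            if name.lower() != "authorization":  # header names are case-insensitive
                continue
            match = TOKEN_HEADER.match(value.strip())
            if match and scheme != "https":
                findings.append({"url": url, "scheme": scheme,
                                 "token": redact(match.group(1))})
    return findings


def is_affected(version):
    """True for Android versions up to and including 2.3.3, e.g. '2.2' or '2.3.3'."""
    return tuple(int(part) for part in version.split(".")) <= LAST_AFFECTED


if __name__ == "__main__":
    for finding in find_cleartext_tokens(SAMPLE_LOG):
        print("cleartext token:", finding["url"], finding["token"])
```

Only the redacted prefix of each token is kept in the findings, so the audit output itself does not become a second place where tokens leak.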