Do you own an Android handset? If so, you could be among the 99% of people whose private data can be accessed. This personal data leakage problem in Android handsets was discovered by researchers at the University of Ulm in Germany, who found that devices running an Android version prior to 2.3.3 can be easily hacked because of the weak Client Login Authentication Protocol.
Whenever you log in to a social network like Facebook or Twitter, your authentication data, that is, your username and password, is stored as an authentication token which is used for future logins. This data is stored for 14 days and can be easily accessed by hackers.
How is it done?
The hacker can set up a Wi-Fi access point that uses the same SSID as a common unencrypted wireless network (an evil twin), e.g., T-Mobile, attwifi, starbucks. When your Android device tries to automatically connect to the unencrypted Wi-Fi network, the Client Login Authentication token is accessed by the hacker, and your private data is no longer private.
How to protect yourself?
- Turn off automatic Wi-Fi connection
- Use 3G or 4G networks rather than Wi-Fi
- If you do not have a 3G or 4G enabled device then you can use an app called SSH Tunnel which creates a secure connection between your device and the network.
- Use a secure connection (https://) to access the social networks.
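
To check whether an app on your phone still sends its login token over plain HTTP, you can audit a proxy or capture log for credentials on non-HTTPS requests. This is an added example, not code from the Ulm researchers or from this post; the log format, host names, token values and the lists of header and parameter names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Names that usually carry a reusable credential (assumed list, extend as needed).
TOKEN_PARAMS = {"auth", "token", "access_token", "sid", "lsid"}
TOKEN_HEADERS = {"authorization", "cookie"}

# Constructed sample: proxy-style records, "METHOD URL" followed by header lines.
SAMPLE_LOG = """\
GET http://calendar.example.test/feeds/default
Authorization: GoogleLogin auth=EXAMPLE-TOKEN-1

GET https://calendar.example.test/feeds/default
Authorization: GoogleLogin auth=EXAMPLE-TOKEN-1

GET http://social.example.test/home?access_token=EXAMPLE-TOKEN-2

GET http://news.example.test/index.html
User-Agent: demo
"""

def parse_records(text):
    """Yield (method, url, headers) for each blank-line separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        method, url = lines[0].split(None, 1)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        yield method, url.strip(), headers

def find_cleartext_tokens(text):
    """Return (url, where) pairs for credentials sent without TLS."""
    findings = []
    for _method, url, headers in parse_records(text):
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # https requests are encrypted in transit
        for name in sorted(TOKEN_HEADERS.intersection(headers)):
            findings.append((url, "header:" + name))
        for key, _value in parse_qsl(parts.query):
            if key.lower() in TOKEN_PARAMS:
                findings.append((url, "query:" + key))
    return findings

if __name__ == "__main__":
    for url, where in find_cleartext_tokens(SAMPLE_LOG):
        print("cleartext credential:", where, url)
```

Any request this flags would expose its token to anyone on the same open Wi-Fi network, so the app or service behind it should be used only over HTTPS or a tunnel.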
I do hope Google fixes this problem soon. But would you prefer buying an Android device again?