Android leak: 99% of phones lose data to unsecured wifi networks
With news that 99% of Android phones can leak data when connected to unsecured wifi networks phones have become the new security risk for mobile users.
It’s the second security problem to hit Android after people revealed that the unmonitored Android app store was hiding viruses masked as apps.
Unsecured wifi-networks are a safety risk anyway. But the particular problem with wifi and Android phones was a faulty authentication mechanism that left phones open much longer than they needed to be.
Extracting user data from the phones would still require a scammer to put some work into impersonating a router – see the dangers of unsecured wifi here. But it’s definitely a weakness that could result in people losing email accounts and more.
According to the German researchers who uncovered the problem, Bastian Konings, Jens Nickels, and Florian Schaub, the vulnerability is due to an improper implementation of the ClientLogin protocol.
iPhones have recently been hit by the fact that Apple has been storing very precise location data of users movements, though no third-parties are involved there.
The fix
Google needs to shorten the lifespan of the authentication tokens it gives out. And if you are web-browsing on your android on an unsecure wifi network, set the servers to https rather than http – makes it much more secure.