Researchers at the University of Ulm, building on Princeton University's Dan Wallach's research, have found that they can use commercially available software to eavesdrop on an open Wi-Fi network and gain information from Google calendar, user contact data, and Picasa images.
The attack is possible because the Android system uses tokens, known as authTokens, that enable legitimate users to stay logged into certain applications for up to two weeks. However, the researchers found that malicious users can capture those tokens and use them for illegal purposes, such as acquiring calendar information, contact email addresses, or viewing private images on Picasa and using that information to impersonate another user on Google.
View Full Article
Abstracts Copyright © 2011 Information Inc., Bethesda, Maryland, USA