'New research from computer scientists at the University of Ulm in Germany have found that 99.7 percent of Android-powered smart phones are leaking data that, if stolen, can allow criminals into the personal data stored on Google's online services, or cloud.
The issue, say the researchers, is how the Google Android system uses software code—called authTokens—that allow users to log in to Google Calendar, Google Contacts, and other cloud-based services. According to the researchers, these tokens sometimes aren't encrypted or specific to the smart phone sending them. What's more, the tokens are valid for weeks at a time.
These three factors make it easy for a hacker to grab the data and access the personal data stored on Google's cloud. The researchers wrote on the University of Ulm's blog:
“
To collect such authTokens on a large scale an adversary could setup a Wi-Fi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks. With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately...the adversary would capture authTokens for each service that attempted syncing. Due to the long lifetime of authTokens, the adversary can comfortably capture a large number of tokens and make use of them later on from a different location.
”
The researchers suggest if you're an Android user, you should:
Update your phone to the current Android version (2.3.4) as soon as possible. Depending on your phone vendor, however, you may have to wait weeks or months before an update is available for your phone. Hopefully this will change in the future.
Switch off automatic synchronization in the settings menu when connecting with open Wi-Fi networks.
Avoid open Wi-Fi networks when using affected apps.
You'll find other security threats from cell phones in our report, Mobile phones: The new risk. And for tips on protecting your personal data on all your devices, see Consumer Reports' Guide to Online Security.' ...
2011/05/18
What if you control a system physicaly or control firewire?
Controlling computer systems physically or controlling Firewire port of those systems via intrusion could open a Pandora of attacks. For instance, controlling Firewire port like PCMCIA/Cardbus/Express card, etc., could lead to: memory leakage attack, RAM tampering, RAM spoofing, Dumping RAM contents, Grabbing ssh-agent keys, grabbing screen contents, modifying screen contents, bypassing logins/password, etc...
A small epic of unattended leaving of your system is enough for an attacker to grab your desktop session.
Web link [1] contains papers and tools to explain physical memory attacks and analysis them with open source tools. The same links has several pointers to mitigation techniques to counter measure these attacks.
References:
[1] freearchive.com
A small epic of unattended leaving of your system is enough for an attacker to grab your desktop session.
Web link [1] contains papers and tools to explain physical memory attacks and analysis them with open source tools. The same links has several pointers to mitigation techniques to counter measure these attacks.
References:
[1] freearchive.com
Subscribe to:
Comments (Atom)