• The Register, Tuesday, May 17, 2011 12:48 PM

In yet another instance of devices betraying users' personal privacy, university researchers have found that most phones running Google's Android operating system are vulnerable to attacks, which let adversaries steal "digital credentials" used to access calendars, contacts, and other sensitive data stored on the search giant's servers.
,br>

The findings from Germany's University of Ulm build on previous findings from Rice University professor Dan Wallach, who in February uncovered similar Android privacy shortcomings. "Based on Google's own statistics ... more than 99 percent of Android-based handsets are vulnerable to the attacks, which are similar in difficulty and effect to so-called sidejacking exploits that steal authentication cookies," The Register writes.

The attacks can only be carried out when Android-powered devices are using unsecured networks, such as those offered at Wi-Fi hotspots. A Google spokesman said the Android team is aware of the issue and is working on a fix.

Read the whole story at The Register »