All smartphones and tablets in danger of leaking data

18 May 2011

Following the revelation that 99pc of Android smartphone devices have a vulnerability that opens them up to potential attack by hackers, a security expert has warned that all smartphone and tablet devices are potential hazards for data security.

Researchers at the University of Ulm yesterday revealed that 99pc of Android devices are vulnerable to attack because of an improper implementation of an authentication protocol known as ClientLogin in Android 2.3.3 and earlier. In other words, any Android user who hasn’t upgraded to Gingerbread (2.3.4) is affected.

Because few Android devices have Gingerbread at this point, the researchers conclude 99pc of Android devices in the marketplace are vulnerable to attack.

According to researchers from the University of Ulm, after a user submits valid credentials for Google Calendar, Contacts and other accounts, the programming interface receives an authentication token that is sent in cleartext.

Because the authToken can be used for up to 14 days in subsequent requests, hackers can exploit it to get unauthorised access to users’ accounts.
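
For network defenders, the practical check that follows from this is whether any ClientLogin token is crossing the network without TLS. The sketch below is an added illustration, not code from the article or from the Ulm researchers: it scans proxy-log records for `Authorization: GoogleLogin auth=` headers on non-HTTPS requests and works out the latest date each exposed token could still be valid under the 14-day figure above. The log layout, hostnames and token values are constructed for the example.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

TOKEN_LIFETIME = timedelta(days=14)  # validity window reported in the article
AUTH_PREFIX = "GoogleLogin auth="    # Authorization header prefix used by ClientLogin

# Constructed proxy-log records: (timestamp, request URL, Authorization header).
# Hosts and token values are placeholders, not real endpoints or tokens.
SAMPLE_LOG = [
    ("2011-05-17T09:12:03", "http://calendar.example.test/feeds/default", "GoogleLogin auth=CONSTRUCTED_AAAA"),
    ("2011-05-17T09:12:09", "https://contacts.example.test/feeds/default", "GoogleLogin auth=CONSTRUCTED_BBBB"),
    ("2011-05-17T09:13:40", "http://news.example.test/index.html", ""),
    ("2011-05-18T08:01:22", "http://calendar.example.test/feeds/default", "GoogleLogin auth=CONSTRUCTED_AAAA"),
]

def find_cleartext_tokens(records):
    """Return one finding per distinct token observed on a non-TLS request."""
    by_token = {}
    for ts, url, auth in records:
        if not auth.startswith(AUTH_PREFIX):
            continue                      # request carries no ClientLogin token
        parts = urlsplit(url)
        if parts.scheme == "https":
            continue                      # token was protected in transit
        token = auth[len(AUTH_PREFIX):]
        seen = datetime.fromisoformat(ts)
        finding = by_token.setdefault(token, {
            "token_hint": "..." + token[-4:],  # never copy full tokens into reports
            "first_seen": seen,
            "hosts": set(),
            "requests": 0,
        })
        finding["first_seen"] = min(finding["first_seen"], seen)
        finding["hosts"].add(parts.hostname)
        finding["requests"] += 1
    for finding in by_token.values():
        # The token was issued no later than first_seen, so it cannot outlive this date.
        finding["valid_no_later_than"] = finding["first_seen"] + TOKEN_LIFETIME
    return sorted(by_token.values(), key=lambda f: f["first_seen"])

if __name__ == "__main__":
    for f in find_cleartext_tokens(SAMPLE_LOG):
        print(f["token_hint"], sorted(f["hosts"]), f["requests"],
              "treat as exposed until", f["valid_no_later_than"].isoformat())
```

Any finding means the account behind that token should be treated as exposed until the token is revoked or the computed date has passed.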

The mobile security challenge for CIOs and IT directors

However, mobile security expert Ron Gula, CEO of Tenable Network Security, warned that when it comes to mobile security all smartphones and tablets – whether they are Android, iOS, RIM or Windows Phone 7-based – share a common set of challenges.

“They carry lots of data; they are often riding around in someone’s pocket where they can be easily misplaced; they transfer data over a network that can be intercepted; and they run applications that may or may not be well written.

“Placing important data on a mobile device where it’s easy to lose, steal, or rootkit offers the same problem as uncontrolled laptops, only worse.

“This is the case regardless of the mobile platform. With all mobile devices we have a situation where information is everywhere, getting auto-synched, distributed, cached, and downloaded – along with applications being downloaded on to them by the metric jillion, written by who knows who. The technology is often new and rapidly changing, so the potential for spyware is huge and all smart devices will continue to be a constant security concern now and in the future.”

Gula says that smart devices entering the workplace represent a combination of opportunity and threat; so organisations must understand the bigger picture of where information rests and flows within the network.

“The IT network management environment is only going to become more complex and challenging, both internally and externally – so businesses must ensure that they can see what’s happening at every moment before something happens that they weren’t expecting.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years