Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

You Are Here: Home » ID Theft, Privacy, Search Engines » University Study: Google's Android OS ClientLogin Vulnerable to Hijacking

University Study: Google's Android OS ClientLogin Vulnerable to Hijacking

by Sabrina I. Pacifici on May 17, 2011

Catching AuthTokens in the Wild – The Insecurity of Google’s ClientLogin Protocol by Bastian Könings, Jens Nickels, and Florian Schaub, May 13, 2011

“In a recent blog post Dan Wallach outlined some of the risks of using Android smartphones in open Wifi networks. He found that some Android applications transmit data in the clear, allowing an attacker to eavesdrop any transmitted information. Besides third-party apps, such as Twitter or Facebook, also the Google Calendar app transmitted unencrypted information. Wallach stated that “an eavesdropper can definitely see your calendar transactions and can likely impersonate you to Google Calendar”. A fact that also applies to Google Contacts as another blog post revealed. We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.”

Facebook Tweet LinkedIn

Sorry, comments are closed for this post.

Support beSpacific

Research updates provided daily since 2002, with an emphasis on primary sources.
Subscribe to our Mailing List
Follow beSpacific
Searchable Database – Over 45,000 Postings

Searchable database of over 45,000 postings!
Awards for BeSpacific

American Bar Association

BeSpacific: “No one better has her finger on the pulse of the legal information world than Sabrina Pacifici, law librarian and author of the blog BeSpacific,” writes blogger Robert Ambrogi. “Launched in 2002, BeSpacific is one of the longest-running legal blogs and, remarkably, Sabrina seems more prolific today than ever. She posts multiple items every day, covering the gamut of law, technology and knowledge discovery and topics ranging from cybersecurity to legal research to government regulation to civil liberties to IP and more. For me, BeSpacific is one of my daily must-reads and has been for 14 years straight.”

Expert Institute Award for Best Legal Tech Blog 2016, 2017 and 2018
BeSpacific - 3rd Place
Subjects

Pages
LLRX

Sabrina is also the solo Editor, Publisher and Founder of LLRX.com® – Legal, technology and knowledge discovery resources on the “moving edge” for Librarians, Lawyers, Researchers, Academic and Public Interest Communities – launched in 1996.
Archives – 2002 to Present
Archives – 2002 to Present
Calendar

November 2024

M T W T F S S

« Oct

1 2 3

4 5 6 7 8 9 10

11 12 13 14 15 16 17

18 19 20 21 22 23 24

25 26 27 28 29 30