With a huge portion of smartphone users relying on the Android platform, we just came across a pretty serious vulnerability that can expose your login information to hackers, who could use it to inflict serious damage on your digital and financial life. To make matters worse, this vulnerability affects 99% of Android users.
According to researchers at the University of Ulm, Germany, all phones running any Android version prior to 2.3.4 (which was just released about a week ago) are vulnerable to a fake WiFi connection attack. The attack works like this: a hacker/scammer creates a fake WiFi network with the same name as a common, trusted WiFi network (like T-Mobile, attwifi, starbucks, etc.), to which the phone will automatically try to connect and sync its apps such as Facebook, Gmail, Twitter, etc. Instead of syncing over a legitimate network, however, this attempt exposes the login information to the hacker:
“To collect such authTokens [login credentials for apps such as Facebook, Twitter, Gmail, etc.] on a large scale an adversary could set up a wifi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks… With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately. While syncing would fail (unless the adversary forwards the requests), the adversary would capture authTokens for each service that attempted syncing.”
The research team proved this vulnerability by attempting to replicate this attack and found that it was pretty easy to do. What makes this threat even more serious is that the attack can happen in the background, since your phone can pick up the signal and attempt to log in automatically. To keep your login information safe, it is recommended to turn off your WiFi connectivity until you download the updated 2.3.4 version of the Android operating system.