Why You Should Never Use a Smart Phone at Starbucks

Actually you shouldn't use a smart phone (especially Android-powered) on any open wifi network, Starbucks' or otherwise.

So says a new study from the University of Ulm, in which a team of researchers "quite easily" initiated hack attacks and eavesdropped on several of phones running on the Android network.

We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.

Essentially Android transmits "authentication tokens" that are grossly under-encrypted when using http servers. What this means in English is that on unsecured networks like those at Starbucks, smart-phone data is a sitting duck for hackers.

The solution to this problem is to download updates from Google. Those updates, however, come infrequently and are not usually automatic, so an Android smart-phone user has to be up on their shit in order to keep their phone safe.

Additionally, people with any Internet-accessing device should only access e-mail and other sensitive info on secure https servers, not http.

That or just skip hack-magnet hellholes like Starbucks altogether.

Follow The Daily Weekly on Facebook and Twitter.

comments powered by Disqus