News & Resources

Androids require no identify verification on public Wi-Fi

May 26, 2011 Brian Bradley

Android mobile device owners with private and protected data on their phone should avoid public Wi-Fi networks if they do not wish their phones to get hacked. According to the Register, "99 percent of Android phones leak secret account credentials." With identity theft on the rise, this poses an extreme risk for mobile device owners who keep top-secret information regarding their personal lives, email accounts, banking information or anything else that they would not hackers to steal on their phones. According to Forbes, security researchers have found that apps made for Android, such as Google Calendar, Twitter and Facebook, are all sending identity authentication tokens out without any protection, giving hackers the OK to access this information without any identity verification. "We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," the researchers at Germany's University of Ulm's Institute of Media Informatics said, the Register reported. "The short answer is: Yes, it is possible, and it is quite easy to do so." Mobile apps that use ClientLogin are advised to immediately begin using encrypted https channels, according to the source. It has also been suggested that Google heighten its security efforts. This information comes at a time when identity theft is becoming a bigger issue, with hackers logging into systems left and right to pilfer consumers' likenesses. It has become such a problem that the Obama administration recently launched an E-Verify system that allows employers to verify potential job candidates' names and social security numbers to ensure that they simply did not steal someone else's identity, as many have, to gain employment.