Experts are warning of the dangers of unsecured Wi-Fi connections after a group of German researchers uncovered a security flaw which could leave Android users' contact information exposed.
Researchers from Ulm University reported that many Android handsets and tablets are currently vulnerable to attack via an unsecured Wi-Fi connection when used to access authentication tokens for Google's Calendar, Contacts and Gallery services.
The vulnerability lies in the handling of the authToken component. When the user is connected on an open Wi-Fi connection, an attacker could capture and reuse the token to access data on the Google services.
"The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data," the researchers wrote.
"For Contact information, private information of others is also affected, potentially including phone numbers, home addresses and email addresses."
The flaw is found in handsets running Android versions prior to 2.3.4 and tablets running Android versions prior to 3.0. The authorisation is performed over a secure connection on newer versions which prevents harvesting of the tokens.
The researchers suggest that, if possible, Android handset owners should update to the newest version for their device.
Cesare Garlati, senior director of consumerisation at Trend Micro, warned that the incident highlights factors unique to mobile devices and Android in particular.
However, in many cases, the security protection on the Android operating system can mitigate the potential damage caused by flaws.
"The operating system is designed to insulate applications. Any data leak that can happen is much more limited compared with a more traditional environment," Garlati told V3.co.uk.
The mobile platform can also contribute to the risk since users often connect to unencrypted public Wi-Fi hotspots.
Garlarti noted that many devices are subject to the sort of unsecure connections described by the Ulm University researchers, but that more open platforms such as Android can benefit from the increased scrutiny when multiple researchers and developers are given access to the system.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago