Uh oh. There’s a certain price that you have to pay for convenience and, in this case, it looks like that price is severely reduced security. It turns out that almost all the Android phones and tablets out there are vulnerable to a very easy attack. Researchers at the University of Ulm in Germany discovered an exploit in all devices running anything before Android 2.3.3.

In short, any time you sign into a service like Twitter or Facebook, your device stores an authToken that is good for 14 days. And it’s really easy for hackers to get that authToken. Basically, they set up an access point with a common SSID like “default” or “attwifi”. If you turn on the Wi-Fi on your Android device and have it set to automatically connect to previously known networks, it will likely try to connect to this “new” access point. Then, your phone will automatically try to connect to Twitter, Facebook, and so on to sync up the accounts using the stored authTokens. And that’s when the “hacker” can nab the authTokens and essentially gain access to all of those accounts.

Not good. The easiest solution? Simply de-activate the auto-connect feature in your Android’s Wi-Fi settings. Better still, only connect to secured networks if at all possible. Stay safe, my friends, stay safe.
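
To act on that advice, the Python example below (added here, not from the original post or the researchers) audits a list of saved Wi-Fi networks for open profiles that the device would rejoin automatically, rating the SSIDs named above as highest risk. It assumes the saved networks are written in wpa_supplicant.conf syntax; the sample configuration is constructed, and `parse_networks` and `audit` are hypothetical helper names.

```python
import re

# SSIDs the article names as examples of common network names.
COMMON_SSIDS = {"default", "attwifi"}
# Constructed sample in wpa_supplicant.conf syntax (assumed storage format).
SAMPLE_CONF = '''
network={
    ssid="attwifi"
    key_mgmt=NONE
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
}
network={
    ssid="default"
    key_mgmt=NONE
    disabled=1
}
network={
    ssid="CoffeeShop"
    key_mgmt=NONE
}
'''

def parse_networks(conf):
    """Return one dict of key/value settings per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        settings = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def audit(conf):
    """List (ssid, risk) for saved open networks that will be auto-joined."""
    findings = []
    for net in parse_networks(conf):
        # key_mgmt=NONE with no WEP key means no encryption at all.
        is_open = net.get("key_mgmt") == "NONE" and not any(
            k.startswith("wep_key") for k in net)
        auto_join = net.get("disabled", "0") != "1"
        if is_open and auto_join:
            risk = "high" if net.get("ssid", "").lower() in COMMON_SSIDS else "medium"
            findings.append((net.get("ssid", ""), risk))
    return findings
```

Every profile it reports is one that any access point broadcasting the same name can stand in for, so those are the entries to forget or disable first.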