Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable.
Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool
No comments:
Post a Comment