Nearly all Android-based smartphones were susceptible to a security hack allowing third parties to access a user's private information, calendar and contacts, according to research.
Researchers at Germany's ULM University have discovered that all Google services using the company's ClientLogin API could have, until recently, been accessed remotely by third-party hackers, through methods the researchers say affected 99.7 percent of Android devices and are "quite easy" to perform.
The method is described as being similar to cookie theft, or "sidejacking," the method used by the infamous Firesheep plug-in for the Firefox web browser. It essentially captures unencrypted data that is "not bound to any session or specific device information," allowing third parties to bypass traditional login requirements and instantly access a user's information.
The link for this article located at Gamasutra is no longer available.