Think Twice Before You Use Your Smart Phone at Starbucks

If your smartphone is one of the millions running Google's Android operating system, keep it off unsecured wifi networks like those at Starbucks. Your entire address book could be at risk. Ugh.

Android, the leading smart phone platform, is used in about one in three smartphones, including those from HTC, Motorola, and Samsung. Which is why it's alarming that Google's bundled Contacts and Calendar apps, along with the Android apps from Facebook and Twitter, have made it easy — almost trivial — for hackers to hijack your connection and personal information, since they've been transmitting authentication tokens with zero encryption. In a test, it was "quite easy" to capture "calendar, contacts information, or private web albums" from an Android phone on an open wifi network, according to a team of researchers at the University of Ulm.

There is an Android update to fix the problem, but most Android users do not keep up with updates because it takes a notoriously long time for updates to even become available to end users.

This is yet another example of why you should never use an unsecured wifi network like the ones at Starbucks without also taking some measure of special protection like, at minimum, making sure you're only accessing your email and social networks through https connections instead of regular http. Firesheep has already demonstrated how trivial it is to spy on laptop users at Starbucks; Google has, sadly, extended this vulnerability to smart phone users. If you've got an Android smart phone, your best bet is to keep it on the cellular data network whenever possible, reserving wifi use for your password protected home network.

[Via via Daring Fireball; photo via James Cridland/Flickr]