Covernomics researchers have discovered a vulnerability present in almost all smartphones running Google’s Android software. By allowing third parties access to digital tokens we are able to gain access to the handset.
The issue, which affects all devices running versions of Android prior to 2.3.3 is related to handling of the authentication protocol ClientLogin.
The whole process is relatively easy to exploit. Once a user enters their credentials, the programming interface retrieves its token in clear text. With the token valid for 14 days, a window appears where we can use this new found access however we like.
Specifics on how to perform this attack are available to Senior Agents ONLY.