[shaleem]

Just read this on MSN:


Androids leaking bank account logins and private data

"Hey, Android users: You may want to think twice before making those money transfers, posting embarrassing social updates, or taking naughty pics. A group has created a fake Wi-Fi hotspot and attack tool to spy on data being sent via Android apps, successfully capturing bank account logins, disabling security programs, and injecting codes into the data streams of popular apps used by millions. Fortunately, the group was just a bunch of researchers investigating security systems. But the results proved startling and are going viral on the Web. They showed nearly 8 percent of the apps tested (the most used ones in the Google Play store) had poor scrambling systems that couldn't prevent "man-in-the-middle" attacks and leaked private data."

[Xop777]

In fact this method can be used with any devices... IOS, Blackberry, Android, computers, iPods.... The best way to reduce hack chance is make sure that SSL protocol is used...

[twstd.reality]

^^ one of the reasons why I only do banking/shopping and looking up sensitive data in a browser on my PC connected via LAN.

[Xop777]

^^ one of the reasons why I only do banking/shopping and looking up sensitive data in a browser on my PC connected via LAN.

Even in with a computer, using wired link it can be done... a virus can direct each communication over a proxy, so we now have a man-in-the-middle trouble once again.

When it comes to have sensitive data (banking, credentials....) make sure to have a secure connection use SSL encryption. SSL protocol is made to detect MITM and refuse/close connection if this is the case. Even if packets are intercepted, using another methods it is almost impossible to decrypt them.

More infos here: Man-in-the-middle attack - Wikipedia, the free encyclopedia

[papped]

Use networks you trust for stuff like that... Has more to do with that than anything else...