Researchers have found security vulnerability in Android 2.3.3 in which your login credentials could be stolen. Since web applications like Google Calendar, Twitter, Facebook and others use unsecured connections to login, you may be at risk when connecting to a Wi-Fi hotspot. When you automatically connect to a secured connection, some of your online accounts will automatically login to synchronize your data. If you’re connecting to an unsecured hotspot you may be at risk. A hotspot could be setup for hackers to intentionally steal your login information, so it’s best to stay on a reliable wireless hotspot.
Anyone who knows how to use Wireshark could potentially steal your login information. The screenshot below shows the credentials of a Picasa account being openly visible inside of packet obtained through Wireshark.
While the Android 2.3.4 fixes most of the security issues, it’s still not 100% secure. Your best bet is to not connect automatically to an unsecured network when it’s in range. Additionally you could also disable the automatic synchronization from some of the website we’ve listed before until a full patch is released.
You may also want to inform others of this security issue since not everyone updates their phones frequently enough.
