Feeds

Droid X2 plus ActiveSync equals DATA SLURP

Oh no, Moto

3 Big data security analytics techniques

A Seattle-based security engineer has made the remarkable and disturbing claim that Motorola's Droid X2 using ActiveSync sends sensitive user data back to the company at pretty much every opportunity.

Ben Lincoln writes here that he discovered the data after routing his phone's data through a proxy to test Microsoft Exchange ActiveSync, and discovering a Motorola-owned domain, svcmot.com, in the proxy logs.

Lincoln writes that “connections to Motorola were triggered every time I updated the ActiveSync configuration on my phone, and that the unencrypted HTTP traffic contained the following data:

  • The DNS name of the ActiveSync server (only sent when the configuration is first created).
  • The domain name and user ID I specified for authentication.
  • The full email address of the account.
  • The name of the connection.

“As I looked through more of the proxy history, I could see less-frequent connections in which larger chunks of data were sent - for example, a list of all the application shortcuts and widgets on my phone's home screen(s).”

He goes on to detail a host of data captures associated with Facebook, Twitter, Picasa, Photobucket, YouTube, IMAP and POP3 e-mail accounts, Yahoo! Mail accounts, Flickr, and RSS feeds. For many account types, Lincoln notes, passwords are included in the data sent to Motorola.

Device IMEI and IMSI, phone number, carrier, and a host of other device-specific details are also captured. Lincoln also provides detailed instructions for others to try to reproduce what he's observed.

The Register has requested comment from Motorola, and will update readers if a response is received. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.