Security Engineer Discovers Droid X2 is Silently Sending Passwords to Motorola
Ben Lincoln, a security engineer based in Seattle, has discovered that his Motorola Droid X2 mobile phone has been silently transmitting his account passwords to Motorola.
While using his personal phone at work to do some testing, he discovered frequent connections to a domain owned by Motorola. He determined that many of his accounts' email addresses and passwords were being silently transmitted to Motorola over unencrypted channels.
Lincoln found that his Facebook, Twitter, Photobucket, Picasa and YouTube accounts' email addresses and passwords associated with those accounts were sent to Motorola, as well photos uploaded to services like Facebook and Photobucket. Lincoln has written out specific instructions on his website to replicate the results posted in his article.
The Motorola Droid X2 was announced and released in May 2011, three months before Google announced it was acquiring Motorola Mobility for US$12.5 billion.