Google Rolls Out Updates for Android Security Hole

May 19, 2011

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz

Comments

Re: Google Rolls Out Updates for Android Security Hole

Submitted by Thad on Sat, 05/21/2011 - 16:12.

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
E. Zachary KnightGamasutra explores the failure of Streetfighter X Tekken and has one of the best arguments against on-disk DLC I have ever read: http://tinyurl.com/d399ylu05/25/2012 - 1:46pm
ddrfr33kabout the xbox live hacks from last year, now we know: http://kotaku.com/5913228/report-how-scammers-are-stealing-xbox-live-accounts-and-what-they-do-with-them05/25/2012 - 12:31pm
tallimarhttp://news.cnet.com/8301-1035_3-57440902-94/microsoft-legal-win-over-google-may-signal-ceasefire/05/24/2012 - 10:17pm
ZippyDSMleeTIme or an operation!05/24/2012 - 6:43pm
ZippyDSMleePC parts are in wish me luck or hell!!05/24/2012 - 6:43pm
MaskedPixelante38 Studios and Big Huge Games are pretty much dead now. http://www.joystiq.com/2012/05/24/38-studios-and-big-huge-games-lay-off-entire-staffs05/24/2012 - 4:39pm
DorthLousActually, nop, I did miss the emoticon for some reason (getting used to pics?) and I didn't know you changed it since (since I posted previous to my shout and it was still there.) Anyhow, thanks for taking it out!05/23/2012 - 6:01pm
james_fudgeWell we were just testing it. but it is still on the submission to fight $pam.05/23/2012 - 5:48pm
E. Zachary KnightJames, No I don't have it. I was just wondering who does and why. More curiosity than anything.05/23/2012 - 5:38pm
james_fudgeDid you not see the emoticon and did you not see that it has already been changed back?05/23/2012 - 5:10pm
james_fudgeLOL05/23/2012 - 5:07pm
DorthLousWhy? Not shocked that people are barking to an additional hoop to jump through when posting from their already logged in account or just mentionning this to try to paint me as one always complaining?05/23/2012 - 4:45pm
james_fudgebig shock there ;)05/23/2012 - 4:30pm
DorthLousI'll add my voice to those wanting it gone :S I'm already logged in, I don't need a captch'a. That's for those registering.05/23/2012 - 3:54pm
james_fudgeEt tu EZK?!?05/23/2012 - 3:51pm
Craig R.I'm a One Man Quorum! And it's working for me now, thanks. :)05/23/2012 - 3:48pm
E. Zachary KnightHow do we determine who get's the game/captcha thingy? Is there a certain posting threshhold users have to meet before it is turned off?05/23/2012 - 2:25pm
james_fudgeGive it a chance, we're still adjusting it ;)05/23/2012 - 11:20am
james_fudgeOne does not a Quorum make Craig.05/23/2012 - 11:16am
Craig R.If I complete the stupid game, and it just deletes my comment, what's the point?05/23/2012 - 11:15am
All shouts

Be Heard - Contact Your Politician