Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Poll

Did you get a new video game for Christmas?:

Shout box

You're not permitted to post shouts.
ZippyDSMleehttp://www.afterdawn.com/news/article.cfm/2014/12/27/did-kim-dotcom-help-get-xbox-live-and-psn-back-online-yesterday12/28/2014 - 6:13pm
MaskedPixelanteHyrule Warriors pre-order DLC appears to be live for all.12/28/2014 - 2:46pm
Matthew WilsonI meant from a organizational pov end users get it in contract, but any site that would want to use it for 2 factor would have to pay alot of money12/27/2014 - 5:35pm
IanCSMS is expensive? In what country? I get something stupid a month on my contract. I think it might even be unlimited.12/27/2014 - 5:32pm
Matthew WilsonI am still amazed that 2 factor authentication has not become the norm yet. I get sms is expensive, but Google authanacator api is free for any website to use.12/27/2014 - 5:11pm
PHX Corphttp://techcrunch.com/2014/12/27/anonymous-leaked-a-massive-list-of-passwords-and-credit-card-numbers/ Guys change your passwords: Anonymous Leaked A Massive List Of Passwords And Credit Card Numbers12/27/2014 - 3:25pm
Matthew WilsonThis is impressive video editing. basketball tricks with a basketball. https://www.youtube.com/watch?v=OhCQeFX9GSg#t=18112/27/2014 - 2:01pm
MaskedPixelanteDude was at the center of a pretty serious plagiarism scandal back in 2011, and it was widely known he ripped off other musical pieces well before that.12/27/2014 - 9:33am
Kajex@Masked Right, because his work actually composing music for several Metroid games necessitated plagiarism.12/27/2014 - 9:04am
MaskedPixelanteI can't believe Kenji Yamamoto got another job. Then again, his job on Smash was "musical arrangment", so copying other people's work is right up his alley.12/26/2014 - 9:31pm
Matthew Wilsonthe company that hosts it is a cyber security firm, and from what I understand it is the data they they see just shown publicly.12/26/2014 - 8:22pm
Wonderkarpa question about that website, Matthew...how does it know its a cyberattack or not12/26/2014 - 8:06pm
Matthew Wilsonfor those intreasted in seeing cyber attacks in real time check out this site. http://map.ipviking.com/12/26/2014 - 7:51pm
PHX Corp@MP you can add me on XBL and Nintendo Network if you want, I go under TrustyGem(Same gamertag as on Steam)12/26/2014 - 2:01pm
CMinerI blame North Korea.12/25/2014 - 11:49pm
MechaTama31For the last few weeks, the GP site fails to load about 2/3 of the times I try.12/25/2014 - 11:13pm
MaskedPixelanteOK, is GP having trouble loading for anyone but me?12/25/2014 - 9:21pm
Matthew Wilsonits a bunch of script kiddies. ddosing is one of the easiest thing to do,and most companies can not stop it sadly.12/25/2014 - 5:05pm
MaskedPixelanteI like Nintendo as much as the next person, they're pretty much the only company putting out the games I want to play, but that was pretty embarassing to have NNID go down due to overuse.12/25/2014 - 4:35pm
MaskedPixelanteSee? It's NOT a repeat of last year's fiasco.12/25/2014 - 4:22pm
 

Be Heard - Contact Your Politician