Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
E. Zachary KnightGot that same recommendation on Twitter. So I guess that is a good sign.09/15/2014 - 8:39pm
prh99Portlandia, though I don't watch a lot of sitcoms. Heard it was good though.09/15/2014 - 8:02pm
E. Zachary KnightSitcom recommendations for someone who like Parks and Rec but hates The Office: Go.09/15/2014 - 6:08pm
NeenekoEven if they do change their policy, they can only do it moving forward and I could see the mod/pack community simply branching.09/15/2014 - 12:50pm
Michael ChandraAs for take the money and run, the guy must have a networth of 8~9 digits already.09/15/2014 - 10:33am
Michael ChandraMe, I'm more betting on some form of mod API where servers must run donations/payments through them and they take a cut.09/15/2014 - 10:32am
Michael ChandraEspecially since they want it for promoting their phones. Killing user interest is the dumbest move to make.09/15/2014 - 10:32am
Michael ChandraGiven how the EULA actively allows for LPs, I'm not sure Microsoft is ready for the backlash of disallowing that.09/15/2014 - 10:31am
Matthew Wilsonthey wont do that, the backlash would be too big.09/15/2014 - 10:25am
ConsterSleaker: how is that a flipside? Sounds to me like that's basically what Notch himself said, except rudely.09/15/2014 - 10:18am
MaskedPixelanteOn the plus side, no more lazy Minecraft LPs, since iirc Microsoft has a strict "no monetization period" policy when it comes to their stuff.09/15/2014 - 10:13am
james_fudgeBut it continues to sell on every platform it is on, so there's that09/15/2014 - 10:09am
james_fudgeOh, well that's another matter :)09/15/2014 - 10:08am
E. Zachary KnightNothing against Notch here. I think it is great that he made something so cool. I just can't understand how it is worth $2.5 bil09/15/2014 - 9:59am
InfophileWhat a world we live in: Becoming a billionaire was the easy way out for Notch.09/15/2014 - 9:42am
james_fudgelots of hate for Notch here. I don't get it. Sorry he made a game everyone loved. What a monster he is!09/15/2014 - 9:37am
SleakerOn the flipside, Notch has been a horrible CEO for Mojang, and the company has grown on sheer inertia, DESPITE being mishandled over and over.09/15/2014 - 9:33am
SleakerI can understand Notch's statements he made to Kotaku about growing bigger than he intended, and getting hate for EULA changes he didn't enact.09/15/2014 - 9:32am
MaskedPixelantehttp://pastebin.com/n1qTeikM Notch's statement about the MS acquisition. He wanted out for a long time and this was the easiest way.09/15/2014 - 9:08am
ConsterEh, I can't blame him.09/15/2014 - 9:01am
 

Be Heard - Contact Your Politician