Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz

Comments

Re: Google Rolls Out Updates for Android Security Hole

Submitted by Thad on Sat, 05/21/2011 - 15:12.

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
MechaTama31Of course, I'm looking at these tweets in isolation, I don't know a thing about the guy.10/19/2014 - 7:06pm
MechaTama31If anything, the sarcastic implication seems to be that the SJW crowd is bringing back the bullying of nerds. But it's the GGers who are out for his blood? I'm lost...10/19/2014 - 7:01pm
MechaTama31I don't really get this Sam Biddle thing. The reaction to his tweets seems to be taking them at face value, but... they're tongue in cheek. Right?10/19/2014 - 7:00pm
Andrew EisenI have it. The problem, so far as I can tell, is neither of them allow me to overlay my webcam feed or text links to my Extra-Life fundraising page.10/19/2014 - 4:08pm
quiknkoldand yes, its free10/19/2014 - 4:05pm
quiknkoldshould grab Hauppauge capture. has mic support and can upload directly to youtube10/19/2014 - 4:05pm
Andrew EisenThe former.10/19/2014 - 4:00pm
quiknkoldwas it StreamEez, or the StreamEez feature in Hauppauge Capture? cause I know Capture has alot more support from the devs.10/19/2014 - 3:54pm
Andrew EisenI actually tried StreamEez last week. Flat out didn't work.10/19/2014 - 3:53pm
quiknkoldI use the Hauppauge Capture software's StreamEez. Arcsoft showbiz for recording. I just streamed a few hours of Persona 4 Golden with zero problem using the program. Xsplit is finniky when it comes to Hauppauge10/19/2014 - 3:40pm
Andrew EisenTrying to capture console games and broadcast with Open Broadcaster System because I've had technical difficulties using XSplit 3 weeks in a row.10/19/2014 - 3:37pm
quiknkoldand what are you trying to capture?10/19/2014 - 3:31pm
quiknkoldsame one I have. ok. what program are you using?10/19/2014 - 3:31pm
Andrew EisenHaupaugge HD PVR 210/19/2014 - 3:28pm
quiknkoldWhat Capture Card are you using, Andrew10/19/2014 - 3:26pm
quiknkoldI know Biddle isnt Kotaku. he's just a employee. Its up to Kotaku if they want to punish him for being a public representative of Kotaku...well...I wouldnt be against it.10/19/2014 - 3:26pm
Andrew EisenLovely, my capture card is not (yet) compatible with the broadcaster I want to use. Let's hope my workaround works!10/19/2014 - 3:19pm
Andrew EisenIf you find Biddle's statement off-putting, then you're certainly directing your distaste at the correct entity.10/19/2014 - 3:18pm
quiknkoldas somebody who once had his skull fractured behind a grocery store as a kid because I was a nerd. Sam Biddle can eff himself with barbwire10/19/2014 - 2:59pm
Matthew WilsonI dont agree with it, but that doesnt mean its not true sadly.10/19/2014 - 2:36pm
All shouts
 

Be Heard - Contact Your Politician