Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
Papa MidnightBack to when, RedMade? A week ago? (seriously, though...)08/30/2015 - 1:55am
RedMageOh hey, a news station is trying to scapegoat gaming. That takes me back. https://twitter.com/GamingAnarchist/status/63754361236507443208/29/2015 - 1:40pm
Big PermA link to TB twitter with Matt Lees in the replies - https://twitter.com/Totalbiscuit/status/52528604482949939208/29/2015 - 12:16pm
Brad GlasgowWhy would he say the company lies about getting abuse? Oh, because people don't abuse GG?08/29/2015 - 10:38am
Big PermBrad - Matt Lees was also quick to say the company "Gamers Gate" lies about getting abusive messages thinking they were an official GG channel08/29/2015 - 9:11am
Goth_SkunkMGSV: The Phantom Integrity - A Rant by RazörFist. (NSFW on account of language). RazörFist discusses the latest batch of unethical journalist conduct, with a caveat. - http://ow.ly/RwXYT08/29/2015 - 7:10am
Goth_Skunk@Brad: I can.08/29/2015 - 6:13am
Goth_SkunkI assume "Stacy" is a pseudonym. After reading what she went through, I would not be one bit surprised if it is.08/29/2015 - 6:13am
Goth_SkunkA Year of #GamerGate: From Neutral To Anti To Neutral To Pro by "Stacy" - http://ow.ly/RwVeT08/29/2015 - 6:12am
Brad GlasgowI can't believe Matt Lees deleted his positive review of Ethan Carter because Chmielarz is sympathetic to GG.08/29/2015 - 5:30am
Goth_SkunkA GameDev's Year With #GG: The Good, The Bad, and The Ugly by Adrian Chmielarz - http://ow.ly/RwSCd08/29/2015 - 5:18am
Goth_SkunkDespite not being a fan of fighting games I had to check out that R Mika trailer. Loved it. Still won't buy the game though, on account of Isuckatstreetfighteritis.08/29/2015 - 2:42am
MechaCrashI use a Dynex DX-840 headset, but it's discontinued. :( I wanted a mono headset so I could keep the other ear free for my speakers, but it has the bonus of being very light and comfortable, so you don't notice it.08/29/2015 - 12:41am
Big PermSora - I was just having a slow day at work earlier. Now I'm home with vidya!08/28/2015 - 7:54pm
ZippyDSMleeSora-Chan: Blender is easy compared to 3Dmax :P08/28/2015 - 6:51pm
Sora-Chantime to take up a hobby? maybe messing around in GIMP to make wallpapers? use qCAD to design somethin? open Blender and stare at it for a couple hours trying to figure what does what?08/28/2015 - 6:41pm
Big PermAlso, yes. I've been spamming the shoutbox. I don't have much going on today, don't judge me08/28/2015 - 3:25pm
Big PermThanks, but yeah. Not sure I wanna drop that kind of cash :P I don't even mind the sound quality of my krakens, it just hurts to wear em after a couple hours.08/28/2015 - 3:25pm
Sora-Chan@Big Perm: I'm a bit of a fan of the Omega Recon3D headset from SoundBlaster. Though it is a bit expensive.08/28/2015 - 2:36pm
Big PermI actually need to look into a new headset. I have those green razer krakens and I would not suggest them. Though maybe they're better for people without glasses08/28/2015 - 11:32am

Be Heard - Contact Your Politician