Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Poll

Who's responsible for crappy Netflix performance on Verizon?:

Shout box

You're not permitted to post shouts.
Matthew Wilson@pm I doubt it. Google seems to be distancing themselves from G+07/25/2014 - 9:31pm
Papa MidnightGoogle+ Integration is coming to Twitch!07/25/2014 - 8:41pm
MaskedPixelanteThis whole Twitch thing just reeks of Google saying "You thought you could get away from us and our policies. That's adorable."07/25/2014 - 2:52pm
Sleaker@james_fudge - hopefully that's the case, but I wont hold my breath for it to happen.07/25/2014 - 1:08pm
SleakerUpdate on crytek situation is a bit ambiguous, but I'm glad they finally said something: http://www.gamesindustry.biz/articles/2014-07-25-crytek-addresses-financial-situation07/25/2014 - 1:07pm
E. Zachary KnightMan Atlas, Why do you not want me to have any money? Why? http://www.atlus.com/tears2/07/25/2014 - 12:06pm
Matthew WilsonI agree with that07/25/2014 - 10:45am
james_fudgeI think Twitch will have more of an impact on how YouTube/Google Plus work than the other way around.07/25/2014 - 10:22am
IanCWelp, twitch is going to suck now. Thanks google.07/25/2014 - 6:30am
Sleaker@MP - Looked up hitbox, thanks.07/24/2014 - 9:40pm
Matthew WilsonI agree, but to me given other known alternatives google seems to the the best option.07/24/2014 - 6:30pm
Andrew EisenTo be clear, I have no problem with Google buying it, I'm just concerned it will make a slew of objectively, quantifiably bad changes to Twitch just as it's done with YouTube over the years.07/24/2014 - 6:28pm
Matthew WilsonI doubt yahoo has the resources to pull it off, and I not just talking about money.07/24/2014 - 6:15pm
SleakerI wouldn't have minded a Yahoo purchase, probably would have been a better deal than Tumblr seeing as they paid the same for it...07/24/2014 - 6:13pm
MaskedPixelanteIt's the golden age of Hitbox, I guess.07/24/2014 - 6:08pm
Matthew Wilsonagain twitch was going to get bought. It was just who was going to buy it . Twitch was not even being able to handle the demand, so hey needed a company with allot of infrastructure to help them. I can understand why you would not want Google to buy it .07/24/2014 - 5:49pm
Andrew Eisen"Google is better than MS or Amazon" Wow. Google, as I mentioned earlier, progressively makes almost everything worse and yet there are still two lesser options. Again, wow!07/24/2014 - 5:43pm
Andrew EisenI don't know. MS, in my experience, is about 50/50 on its products. It's either fine or it's unusable crap. Amazon, well... I've never had a problem buying anything from them but I don't use any of their products or services so I couldn't really say.07/24/2014 - 5:42pm
Matthew WilsonGoogle is better than MS or Amazon.07/24/2014 - 5:33pm
Sleaker@AE - I've never seen youtube as a great portal to interact with people from a comment perspective. like ever. The whole interface doesn't really promote that.07/24/2014 - 5:28pm
 

Be Heard - Contact Your Politician