Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
Andrew EisenNow, having said that, what sites are you reading that are claiming that if "you self-identify as a Gamer, you're immediately the problem" or that gamers are "obligated to stop harassment"? Or was that hyperbole too?09/21/2014 - 1:03am
Andrew EisenFirst of all, ONE person in the Shout box suggested an obligation to call harassers out on their harassing but only after YOU brought it up. Plus, Techno said "when you see it happening." If you don't see it, you're not under any obligation.09/21/2014 - 1:02am
Sleaker@Craig R. - at this point I don't even know what the hashtags are suppsed to be in support of. what does GamerGate actually signify.09/21/2014 - 12:21am
Sleaker@AE - Hyperbole for the first 2, but it seems like some of the comments in the shout are attempting to place blame on fellow gamers because they aren't actively telling people to stop harassing even though they don't necessarily know anyone that has.09/21/2014 - 12:16am
Andrew EisenSleaker - Who the heck are you reading that is claiming "all gamers are bad," we "need to pass laws or judgement on all gamers," that if "you self-identify as a Gamer, you're immediately the problem," or that gamers are "obligated to stop harassment"?09/20/2014 - 9:44pm
erthwjimhe swatted more than just krebs, I think he swatted 30 people http://krebsonsecurity.com/2014/05/teen-arrested-for-30-swattings-bomb-threats/09/20/2014 - 9:31pm
Craig R.Btw, the guy who swatted security expert Brian Krebs? He got picked up recently. It can be done.09/20/2014 - 8:55pm
Craig R.Such things are not done in a vacuum... hence why the 4chan and other logs show what fools you've all been, tricked into doing the trolls' work09/20/2014 - 8:49pm
Sleaker@Technogeek - How do you call someone out that anonymously calls in a SWAT team, or sends threats to people?09/20/2014 - 7:04pm
Technogeek"It also doesn't mean you're obligated to stop harassment from all gamers that are doing so." I'd say you're certainly obligated to call them out when you see it happening.09/20/2014 - 5:17pm
SleakerNow if you disagree with anything in my last 2 posts then we obviously have a difference in world view, and wont come to any sort of agreement. I'm fine with that, maybe some people aren't?09/20/2014 - 5:09pm
SleakerIt also doesn't mean that just because a news outlet says that Gamers are the problem and you self-identify as a Gamer, you're immediately the problem. It also doesn't mean you're obligated to stop harassment from all gamers that are doing so.09/20/2014 - 4:59pm
SleakerJust to re-iterate: People getting harassed is wrong. Just because someone is harassed by so called 'gamers' doesn't mean that all gamers are bad. nor does it mean that you need to pass laws or judgement on all gamers.09/20/2014 - 4:56pm
SleakerAnd furthermore just because someone doesn't 'crusade against the evil' that doesn't make them the problem. You can have discussion with those around you. There's a thing called sphere of influence.09/20/2014 - 4:54pm
Sleaker@Conster - one person getting harassed is a 'problem' only so far as the harassee's are doing it. Just because a select few people choose to act like this doesn't make it widespread. Nor does it immediately make everyone responsible to put an end to it.09/20/2014 - 4:54pm
james_fudgeno worries09/20/2014 - 4:15pm
TechnogeekI misread james' comment as "we can't have a debate without threatening" there at first. Actually wound up posting a shout about death threats and "kill yourself" not technically being the same thing before I realized.09/20/2014 - 3:59pm
james_fudgeDon't hit me *cowers behind Andrew*09/20/2014 - 3:20pm
ConsterYou take that back right now, james, or else. *shakes fist menacingly*09/20/2014 - 3:00pm
james_fudgeOur community is awesome. We can have a debate without threatening to kill each other.09/20/2014 - 2:50pm
 

Be Heard - Contact Your Politician