Google Rolls Out Updates for Android Security Hole

May 19, 2011 -

Responding to reports that 99.7 percent of Android-based phones suffered from a security hole that made vital personal data vulnerable to hackers, Google has released an automatic fix to deal with the problem. Google is trying to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by Ulm University (Germany) researchers who who tested the security hole on a number of smart phones using the Android operating system. They also found that some phones sent unencrypted data, which clever hackers could "eavesdrop" on with the right tools.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

Source: GameIndustry.biz


Comments

Re: Google Rolls Out Updates for Android Security Hole

Good, quick turnaround.  That's what I like to see.  Being able to rapidly fix security holes is as important a skill as preventing them in the first place -- because sooner or later, you're going to need to know how to do both.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
ZippyDSMleePaypal shuts down Mega's payment system. https://torrentfreak.com/under-u-s-pressure-paypal-nukes-mega-for-encrypting-files-150227/03/01/2015 - 3:25pm
Matthew Wilsonvalvle planning to release a vr headset this year wtf http://www.pcgamer.com/valves-vr-headset-is-named-vive-and-htc-are-making-it/03/01/2015 - 1:05pm
ZippyDSMleeuuuhhhggg in other news been sick since last night.....uuhggg.....I iwsh it did not hurt so much when my tummy wants to leave my body..02/28/2015 - 11:39pm
ZippyDSMleeBrings me to the Q why alt costumes would be needed in competition anyway... http://www.eventhubs.com/news/2015/feb/28/dead-or-alive-community-aims-ban-over-120-overly-sexualized-costumes-dead-or-alive-5-last-round/02/28/2015 - 11:36pm
MonteThough from a business side, i would agree with the article. While it would be smarter for developers to slow down, you can't expect EA, Activision or ubisoft to do something like that. Nintnedo's gotta get the third party back.02/28/2015 - 4:36pm
MonteThough it does also help that nintendo's more colorful style is a lot less reliant on graphics than more realistic games. Wind Waker is over 10 years old and still looks good for its age.02/28/2015 - 4:33pm
MonteWith the Wii, nintnedo had the right idea. Hold back on shiny graphics and focus on the gameplay experience. Unfortunatly everyone else keeps pushing for newer graphics and it matters less and less each generation. I can barely notice the difference02/28/2015 - 4:29pm
MonteON third party developers; i kinda think they should slow down to nintendo's pace. They bemoan the rising costs of AAA gaming, but then constantly push for the best graphics which is makes up a lot of those costs. Be easier to afford if they held back02/28/2015 - 4:27pm
Matthew Wilsonhttp://www.forbes.com/sites/insertcoin/2015/02/28/the-world-is-nintendos-if-only-theyd-take-it/ I think this is a interesting op-ed, but yeah it kind of is stating the obvious.02/28/2015 - 2:52pm
prh99The government probably doesn't need an app, but I was think more along the lines of a company that was going to sell the collected info. “If you're not paying for the product, you are the product” sometimes even if you pay.02/28/2015 - 1:50pm
E. Zachary KnightWhat better way for the government to keep track of you than to get you to install an app that lets you insult the government.02/28/2015 - 11:03am
prh99No, but I looked it up and it's basically spyware. Their privacy policy says their apps tracks among other things your location and browsing habits via cookies.02/28/2015 - 8:20am
Ryan RardinHas anyone here heard of an app called iCitizen? It's basically Yelp for politicians.02/28/2015 - 5:16am
Andrew EisenAh, not linked in the way you (and everyone else) want and expect. That's true.02/27/2015 - 10:06pm
Matthew Wilsonthey are not linked in a way that tracks purchases though. the fact that they have to send a code for the other system shows that they are not linked in the way it counts.02/27/2015 - 9:39pm
Andrew EisenAccounts are already linked. Have been for quite a while. Also, Mario vs. Donkey Kong was announced as a cross-buy title during last January's Nintendo Direct.02/27/2015 - 9:25pm
Matthew Wilsonhttp://www.vg247.com/20…/…/27/olli-olli-3ds-wii-u-cross-buy/ I wounder if this is a sign that Nintendo may finally link accounts across the 3ds/wiiu in the near future.02/27/2015 - 9:18pm
prh99http://www.romanoriginals.co.uk/invt/70931?colour=Blue The dress does comes in white and blue but both have black lace and a sheer back top, I don't see gold or brown. 02/27/2015 - 8:54pm
ZippyDSMleeDungeons was a so bad so good game to me so I been keeping up with its sequel which will more of a Dungeon Keeper clone. As for pre order out of 7 preorders I was not burnt by 2... Add my contempt of most of modern game design.Ya I have all kinds of hurt.02/27/2015 - 8:40pm
MechaTama31I don't even want to know...02/27/2015 - 8:22pm
 

Be Heard - Contact Your Politician