Google Fixes Security Hole

Nearly every smartphone running the Google Android platform today is readily vulnerable to data snoops and cyberthieves, who can easily pluck information from them over ordinary Wi-Fi networks and as consumers increasingly rely upon their phones for banking, shopping, and storing photos, phone numbers and addresses of friends and relatives. Android-based smartphones use security tokens to grant access to only certain bits of information on the phone and no smartphone comes with antivirus software, now google fixes Android Wi-Fi security hole……….

A German security firm recently found a loophole in mobile operating system Android that could have exposed up to 99% of some users’ information as contained in Android’s calendar and contacts features. While the problem doesn’t affect the latest Android release Gingerbread, most users have yet to convert to the release. The problem had to do with the fact that authentication tokens were being sent from Android users’ devices unencrypted across WI-FI networks, possibly exposing such information to hackers. Google has plugged an Android hole that could have allowed someone to snoop on an unencrypted Wi-Fi network and access calendar and contact data on the smartphones. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts,” a Google spokesman said in a statement. “This fix requires no action from users and will roll out globally over the next few days.” Basically, the fix forces all Android devices to connect to Google Calendar and Contacts servers over https (Hyper Text Transfer Protocol Secure) so that someone snooping on an unprotected wireless network won’t be able to grab authentication tokens used by the operating system to validate devices.

Android customers will not have to do anything for the fix, which could take a couple of days to roll out to everyone. The latest release of Android 2.3.4 for smartphones and Android 3.0 for tablets, did not have the issue. But the fact that more than 99 percent of Android device owners are still using older versions was likely a factor in Google’s decision to expedite a fix. In a statement released by Google, the company said, “This fix requires no action from users and will roll out globally over the next few days.” The fix is expected to be automatically applied to all Android devices by the weekend. Experts have warned that security risks on Android could become more common due to the operating system’s functionality on so many mobile devices.

Sources : (1) , (2)

[ttjad keyword=”android-device”]

Leave a Reply