The Latest in IT Security

Google fixing Android Wi-Fi security hole

20
May
2011

Google is working on fixing a hole in Android that can allow someone to snoop around on an unencrypted WiFi network and access the user’s calendar and contact data on Android powered smartphones.

Google announced on 18,April-2011 that the flaw, which was first detected by researchers from the University of Ulm in Germany, occurs in the way that Android apps use the “ClientLogin” authentication feature to access any number of Google services, which includes Google Calendar and Contacts.

“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts. This fix requires no action from users and will roll out globally over the next few days,” said a spokesperson from Google.

Google’s fix, which should be coming out in the next few days, will force all Android devices to use the HTTPS protocol when connecting to Google Calendar and Contacts. This will prevent someone who is snooping around from accessing authentication tokens that are used by the operating system to validate devices.

Since most android users still use older versions of the operating system, Google is working on making this fix come out sooner. The latest releases of Android 2.3.4 and Android 3.0 do not have this issue.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments