Google Promises Automatic Android Security Fix


Google Promises Automatic Android Security Fix
An automatic global fix for an Android flaw is being promised by Google after German researchers revealed a security flaw. The problem exposes the personal data of Android device users who rely on public Wi-Fi connections. A security expert says the flaw isn't a "sky is falling" threat, and the researchers suggested ways to avoid data loss.
In the wake of Google's self-proclaimed momentum at the Google I/O conference last week, the creator of Android is getting hit with some stark realities about the security of its open-source operating system. A newly discovered flaw has widespread potential.

There are 100 million activated Android devices, according to Google, and 400,000 new devices are activated every day. In all, researchers at Ulm University in Germany who discovered the flaw last week estimate about 98 percent of Android users are vulnerable.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so," the researchers wrote in a blog. "Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

How Bad Is It?

Google responded with an official statement: "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts. This fix requires no action from users and will roll out globally over the next few days."

As Mike Paquette, chief strategy officer at Top Layer Security, sees it, Google is dealing with a serious vulnerability -- and individual users could indeed lose confidential information.

Still, he added, this doesn't reach the "sky is falling" category since the attacker would require some level of physical proximity to the victim to steal the authentication tokens that would enable fraud, theft or loss.

Source: link
Google Promises Automatic Android Security Fix on
Tags:  , ,
About this author
Staff reporter
Recent Articles by this author
16 November, 2015
For those around during the early days of Nintendo, Excitebike was a staple of nearly...
27 August, 2015
Gaming and television have long remained hugely popular forms of entertainment chosen...
12 May, 2015
Apple may have invented the tablet as we know it today but the market has been rounded...
9 March, 2015
If you're like me, you probably tend to discount mobile app games as small, tedious...