Sign Up Now FAQ
Signup Now
In order to make a post or to start a new thread and or to interact with other
members of this board, you wil need to create an account first.
If this is your first visit, be sure to check out the FAQ. You have to register before you can post. If you have any problems, please contact us.
Flash a phone to Cricket Wireless Become a supporting member of Cricket Users Forum

Welcome to Cricket Users!

  • Google rolls out a security patch for Android to fix an encryption hole

    Google rolls out a security patch for Android to fix an encryption hole
    99 per cent of users were at risk
    By Asavin Wattanajantra
    Thu May 19 2011, 13:11

    SOFTWARE DEVELOPER Google is rolling out a security patch for Android that fixes a vulnerability reported to have affected 99 per cent of users.

    The patch fixes an issue flagged by German security experts that could allow hackers to look at personal information in the Google calendar and contacts apps.

    The University of Ulm researchers said that in Android 2.3.3 and earlier these apps transmitted unencrypted information to retrieve an authentication token, or Authtoken, from Google. This left an opening where criminals could steal the token through WiFi snooping.

    Once a hacker had one of these Authtokens, they could use it for several days, accessing your private information and potentially impersonating an individual smartphone. In Android 2.3.4 this flaw is fixed, but it was mentioned that 99 per cent of Android users were still using versions 2.3.3 and earlier, which meant they were all at risk.

    But now Google is updating all of the endangered handsets with a silent server-side patch that won't require any action by Android users, forcing servers to use an encrypted HTTPS connection when syncing with a handset.

    A Google spokesperson said, "We're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days."

    Sophos security consultant Graham Cluley praised Google's actions but added, "Concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates."


    This article was originally published in forum thread: Google rolls out a security patch for Android to fix an encryption hole started by admin View original post
Advertise With Us?
Advertise with us? (Position 1 - Advertise with Us) Small Banner