[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Netsec] Google Silently Patches Android Authentication Flaw



At 
http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authentic
ation-Flaw-837349/

Google is implementing a server-side fix to address the authentication
flaw that allows third-parties to access Android user data on Google
Calendar, Contacts and Picasa.

Google is planning to fix a security issue
<http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authenti
cation-Flaw-837349/#> that could potentially allow hackers and
cyber-crooks to access the personal information of people who use the
company¹s Android mobile operating system. Google plans to push out the
fix within the next week.

Researchers at Germany¹s University of Ulm
<http://www.eweek.com/c/a/Security/99-of-Android-Devices-Harbor-Authenticat
ion-Flaw-on-Open-WiFi-Networks-362697/>originally found the vulnerability
and published their findings on May 13. The flaw only impacts Android
applications that authenticate with Google services, such as Calendar and
Contacts. If the user opens a WiFi network and tries to access those
services, a hacker could potentially intercept the authentication token
and use it to log in to the user account for up to two weeks.
"Today we're starting to roll out a fix which addresses a potential
security flaw that could, under certain circumstances, allow a third-party
access to data available in Calendar and Contacts," a Google spokesman
told eWEEK on May 18.

[...]