Android identity hole fixed

By
Follow google news

Android users are set to receive an automatic patch for an authentication hole discovered in February.

Google has issued a server-side fix for a WiFi security hole that exposed Android user details over open networks.

Android identity hole fixed
Laihiuyeung Ryanne, CC2.0

 

The patch will be pushed out to users automatically "over the next few days" according to Google.

 

The security hole affected the ClientLogin protocol in older versions of the operating system below 2.3.4, which are run by the majority of users.

 

The protocol sent authentication credentials for native apps over unsecured HTTP to be exchanged for an authentication token.

 

The token could be intercepted over unsecured wireless networks and used to access Google calendar and contacts.

 

Android used the same token for weeks, according to the German researchers who found the flaw.

 

The vulnerability was said to exist for Google's Picasa photo storage service, but the company had not confirmed the flaw or if a patch would be issued.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
androidgooglemobilespatchingsecurityvulnerability

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?