Android identity hole fixed

By

Android users are set to receive an automatic patch for an authentication hole discovered in February.

Google has issued a server-side fix for a WiFi security hole that exposed Android user details over open networks.

Android identity hole fixed
Laihiuyeung Ryanne, CC2.0

 

The patch will be pushed out to users automatically "over the next few days" according to Google.

 

The security hole affected the ClientLogin protocol in older versions of the operating system below 2.3.4, which are run by the majority of users.

 

The protocol sent authentication credentials for native apps over unsecured HTTP to be exchanged for an authentication token.

 

The token could be intercepted over unsecured wireless networks and used to access Google calendar and contacts.

 

Android used the same token for weeks, according to the German researchers who found the flaw.

 

The vulnerability was said to exist for Google's Picasa photo storage service, but the company had not confirmed the flaw or if a patch would be issued.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
androidgooglemobilespatchingsecurityvulnerability

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?