[ISN] Google Silently Patches Android Authentication Flaw

From: InfoSec News <alerts_at_private>
Date: Fri, 20 May 2011 02:57:08 -0500 (CDT)

By Fahmida Y. Rashid

Google is implementing a server-side fix to address the authentication 
flaw that allows third-parties to access Android user data on Google 
Calendar, Contacts and Picasa.

Google is planning to fix a security issue that could potentially allow 
hackers and cyber-crooks to access the personal information of people 
who use the company’s Android mobile operating system. Google plans to 
push out the fix within the next week.

Researchers at Germany’s University of Ulm originally found the 
vulnerability and published their findings on May 13. The flaw only 
impacts Android applications that authenticate with Google services, 
such as Calendar and Contacts. If the user opens a WiFi network and 
tries to access those services, a hacker could potentially intercept the 
authentication token and use it to log in to the user account for up to 
two weeks.

"Today we're starting to roll out a fix which addresses a potential 
security flaw that could, under certain circumstances, allow a 
third-party access to data available in Calendar and Contacts," a Google 
spokesman told eWEEK on May 18.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Fri May 20 2011 - 00:57:08 PDT

This archive was generated by hypermail 2.2.0 : Fri May 20 2011 - 01:10:53 PDT