Android Phone Tips
Google has begun rolling out a patch to fix a security flaw in versions 2.3.3 and earlier of its Android mobile operating system. That flaw affects all Google services using the ClientLogin authentication protocol. It lets hackers access any personal data available through Android's application programming interfaces (APIs). "The flaw is now fixed for all versions of Android worldwide," Google spokesperson Randall Sarafa told LinuxInsider.
If the authentication token is used in requests sent over unencrypted networks, such as WiFi networks, hackers can steal it. They then gain full access to the victim's calendar, contact information, or private Web-based photo albums. Google's patch forces an HTTPS connection for calendar and contacts sync on Android, Sarafa said.
Authentication tokens are widely used for online services such as eBay. There was a problem with the authentication token on Android because Google's implementation was faulty, Paul Laudanski, director of ESET's cyber threat analysis center, told LinuxInsider.
"The entry point is having an unpatched or vulnerable Android system connecting to Google services using ClientAuth over an unencrypted public WiFi network," Laudanski explained. Google services transmit the authorization token in clear text, so it can be easily stolen.
Android smartphone owners should stay away from heavily used public WiFi hotspots, Paquette warned. Wireshark is a network protocol analyzer for Unix and Windows. UDP, the User Datagram Protocol, is one of the core members of the Internet Protocol (IP) Suite. The team found that Google doesn't encrypt traffic to Google Calendar, although it properly encrypts traffic to Gmail and Google Voice.
A few days ago, researchers at Ulm University in Germany found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services including Gmail. Google already says it has “fixed” the problem.
The flaw allowed an unsecured wireless access point that imitates a public Wi-Fi hot spot the phone has accessed before to capture an authentication token. That token could then be used by attackers to access and modify personal data in calendar and contacts, as well as Google photo site Picasa. The problem may be short-lived, however, for Google says the security flaw has been fixed in Android version 2.3.4.
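An added example, not from the original article or from Google: a Python audit pass over captured request heads that flags every request carrying an auth token without TLS, which is the condition the flaw depends on and the HTTPS-only patch removes. The sample requests, hosts and token value are constructed, the `auth` query parameter is an assumption, and the query-string check goes beyond the header case the article describes; `Authorization: GoogleLogin auth=...` is the header format ClientLogin used.

```python
import re
from collections import namedtuple

# Constructed sample: (sent_over_tls, raw HTTP request head). Hosts and the
# token value are made up for illustration.
SAMPLE_REQUESTS = [
    (False, "GET /calendar/feeds/default HTTP/1.1\r\n"
            "Host: calendar.example.test\r\n"
            "Authorization: GoogleLogin auth=DQAAAHconstructedtoken\r\n\r\n"),
    (True, "GET /mail/feed/atom HTTP/1.1\r\n"
           "Host: mail.example.test\r\n"
           "Authorization: GoogleLogin auth=DQAAAHconstructedtoken\r\n\r\n"),
    (False, "GET /contacts/feeds?auth=DQAAAHconstructedtoken HTTP/1.1\r\n"
            "Host: contacts.example.test\r\n\r\n"),
    (False, "GET /index.html HTTP/1.1\r\nHost: news.example.test\r\n\r\n"),
]

# where is "header" or "query"; redacted keeps only the first 4 characters.
Finding = namedtuple("Finding", "host path where redacted")
# Hypothetical query parameter name for a token placed in the URL.
TOKEN_IN_QUERY = re.compile(r"[?&]auth=([^&\s]+)")

def redact(token):
    return token[:4] + "*" * max(len(token) - 4, 0)

def parse_head(raw):
    """Split a request head into its target and a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    target = head[0].split(" ", 2)[1]
    fields = (line.partition(":") for line in head[1:])
    return target, {n.strip().lower(): v.strip() for n, _, v in fields}

def audit(requests):
    """Return a Finding for every token that crossed the network without TLS."""
    findings = []
    for tls, raw in requests:
        if tls:
            continue  # token was encrypted in transit
        target, headers = parse_head(raw)
        host, path = headers.get("host", "?"), target.split("?", 1)[0]
        cred = headers.get("authorization", "").partition(" ")[2]
        if cred:
            token = cred.rpartition("auth=")[2]
            findings.append(Finding(host, path, "header", redact(token)))
        match = TOKEN_IN_QUERY.search(target)
        if match:
            findings.append(Finding(host, path, "query", redact(match.group(1))))
    return findings
```

Calling `audit(SAMPLE_REQUESTS)` reports the calendar and contacts requests and skips the TLS-protected and token-free ones; tokens are masked so the report itself does not leak them.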
Former CEO Eric Schmidt has said that Google will improve the security and privacy of Android devices by simplifying how its users define their sharing settings. According to the BBC, Schmidt, speaking at a UK conference on privacy, said that Google will simplify the app installation process and make it much clearer when and if users are expected to share their sensitive data. "It is worth stressing that we can only do this with data you have shared with Google.
By Android Phone Tips