Major Security Flaw in Android Phones

A team of security researchers from the University of Ulm (Germany) this week revealed the existence of a significant flaw in the way Android, the operating system for mobile and Google bars, manages the multiple authentication services. The flaw could allow third parties to connect to the Google account user without his knowledge. The vulnerability comes from how Android handles “tokens”, the digital equivalent of an emergency key which avoids having to continually reconnect to a service. Up to version 2.3.4 of Android, calendar and contacts sync automatically phones using these tokens to connect to a Wi-Fi already known. By setting up a Wi-Fi parallel third can theoretically recover those keys back and connect to the Google Accounts that attempt to connect to the network.

Pending a fix for this vulnerability, researchers recommended to pass, if possible, to version 2.3.4 of Android, and disable the automatic synchronization of contacts on the Wi-Fi open (in the menu Preferences).

Updated May 19: Google has rolled out a fix for the flaw on Thursday. Synchronization of calendar and contacts will no longer be done by using the secure https protocol.

android png (2334),android logo (110),android logo png (60),logo android png (46),png android (39),android phone png (25),logo android (23),android (2),android png logo (1),android png transparent (1),android logo transparent (1)

This entry was posted on Friday, May 20th, 2011 at 5:11 pm and is filed under Technology. Tags: Android, Phones, Security You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.