Google: Android Security Fix Addresses ClientLogin Data Leak

The Huffington Post   First Posted: 05/18/11 07:13 PM ET Updated: 07/18/11 06:12 AM ET

Google's Android team is releasing a platform fix that patches a troubling security breach leaving users' personal information at the mercy of hackers.

"This fix requires no action from users and will roll out globally over the next few days," Google told All Things D in a statement on Wednesday.

Recent research conducted at Germany's University of Ulm found that up to 99% of Android handsets may be leaking users' login information when apps connect to Google's servers via unencrypted WiFi networks. The exploit potentially gives third parties access to users' calendar, contact, photo apps and more.

Most devices vulnerable to this kind of attack are those running Android version 2.3.3 and earlier.

If you're an Android user who hasn't updated (or can't update) to 2.3.4, don't connect your device to unsecured WiFi networks until you've received Google's forthcoming security patch.

06:04 PM on 05/23/2011
I switched briefly from Blackberry to Android for about two weeks. I loved the bigger screen, better graphics, and the upgraded camera. However, I felt the Android system had more control over my behavior than I had control over it. The phone lacked the ability for the user to change security settings for applications, no way to protect yourself from open source hacker issues, no way to delete preloaded applications which stored user data, and I couldn't copy and paste from SMS text to Facebook. With the front-facing camera, security issues, and granted access by applications, it's just too much to deal with from a phone. I have more control over my home PC, and I don't use it a fraction as much as my phone. As a matter of fact, my phone has more personal information stored on it than my PC. With that said, I switched back to Blackberry and upgraded my Bold to the OS 6.0. I like the upgraded interface for the most part. There are a few things I don't like such as the Blackberry browser which has many issues. However, I downloaded Opera Mini to do the job. With Blackberry, I grant how much access each application may have. Blackberry has a new OS 7 being rolled out.
HUFFPOST SUPER USER
GeorgieMark
Cogito Ergo Sum
10:33 AM on 05/19/2011
Anyone who connects online via unencrypted WiFi networks is simply begging for trouble.

An unencrypted WiFi modem is a back-door entrance to everything that is connected with it, be it a Mac, PC, TVs, etc.

As before a smartphone is as smart as the person who's using it.
HUFFPOST COMMUNITY MODERATOR
Daws
Wants to go to there.
10:54 AM on 05/19/2011
I think you just said all that so you could use "back-door entrance".
HUFFPOST SUPER USER
GeorgieMark
Cogito Ergo Sum
12:15 PM on 05/19/2011
Saw right through me. ;-)
Nec V20
Liberal with five knuckles to back it up
10:08 AM on 05/19/2011
At least Google is doing something about it.

Apple's Mac OS X has had MASSIVE security holes in it which have been known about for well over two years and they have done nothing to address them.

On the other hand, Google may offer a patch, but considering how tardy the cell phone manufacturers are with offering updates for their cell phones - I look around and the only Android cell phone you can get with 2.3.4 is the Google Nexus S. HTC depending on model is between 2.2.1 and 2.3.3, LG at 2.2.2, Motorola between 2.1 and 2.2 and Sony Ericsson is pretty steady at 2.3.2 so I am not advising anyone to hold their breath with regard to getting a patch for their phone any time real soon (except for the Google phone of course).
HUFFPOST SUPER USER
GeorgieMark
Cogito Ergo Sum
04:25 PM on 05/20/2011
The problem with Android OS development is the OEMs' persistence in tweaking with Google's code and it takes them a while to retweak when Google releases the next Android update.
It was one of my early concerns about getting an Android phone, so I went for a Nexus S and never looked back.
BTW I received the 2.3.4 update OTA about a week ago.
08:58 AM on 05/19/2011
Well, hurry up and fix it so I can get my new phone.
HUFFPOST SUPER USER
theveggiedude
my body is a temple, not a living graveyard
02:44 AM on 05/19/2011
Have they even fixed the SMS problem from 9 months ago? (Android phones sending SMS to wrong people)
07:48 AM on 05/19/2011
I never had that problem with my Android phone.
HUFFPOST SUPER USER
CaptainObvvious
Calling me a liberal is a compliment!
08:31 AM on 05/19/2011
Then that must mean that there never was a problem. Whenever Android has problems their fandroids come out saying "I never had this problem" or try and explain it away.

I actually have no idea if this problem ever existed and I am not actually making fun of you but am just replying to you in the same fashion that Apple haters respond on Apple articles when we say we never had that problem.
HUFFPOST SUPER USER
menschmaschine5
09:37 AM on 05/19/2011
I believe they have. Of course, unless you have a Nexus phone, chances are you never got that fix, since manufacturers and carriers are worse at pushing updates than ever before...
Daw8it
Four years in & created more jobs than Bush
12:18 AM on 05/19/2011
I love my iPhone!
HUFFPOST COMMUNITY MODERATOR
Daws
Wants to go to there.
10:55 AM on 05/19/2011
I love your iPhone too.
Thomas River
My micro-bio is now half-full.
10:43 PM on 05/18/2011
25 years of cell phones and no need for a Mobile McAfee.

Then along comes Android.....
11:59 PM on 05/18/2011
Huh? Does McAfee even have a mobile version? And why blame Android?
Thomas River
My micro-bio is now half-full.
07:59 AM on 05/19/2011
First, the article is about the Android.

And Second, there are a number of spy/malware detection companies now writing for Android.
01:42 AM on 05/19/2011
This is nothing new. The first mobile phone worm was spread through Bluetooth and infected devices running the Symbian OS. Security is about trust and setting your level of acceptable risk. The truth is that nothing will be 100% secure and fail-proof. That is why you see things like this in the EULA

THE APPLE SOFTWARE IS NOT INTENDED FOR USE IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL SYSTEMS, LIFE SUPPORT MACHINES OR OTHER EQUIPMENT IN WHICH THE FAILURE OF THE APPLE SOFTWARE COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.
HUFFPOST SUPER USER
WSAY
Res ipsa loquitur
10:02 PM on 05/18/2011
The iPhone had an antenna problem. With Android, however, all your personal data gets shared with the world. Where are all those Android pundits now?
10:29 PM on 05/18/2011
The antenna problem on the iPhone was a hardware problem and the result of poor design. Apple didn't take into account different usage situations. This exploit only occurs "when apps connect to Google's servers via unencrypted Wi-Fi networks."

For this exploit to affect any of the ‘99% of Android users’ mentioned in this article, they would have to

a) (if they were at home) turn off the encryption on their Wi-Fi router, which comes as standard on all routers. To do this they would have to click past several warnings telling them that what they are doing will put their privacy at risk, and that their information may be seen by anyone
b) (if they were using another network) they would have to connect to a network that the phone would recognize as unsecure, and which the phone would tell them risked their privacy by not encrypting the data they were sending.

So, to be clear, for an Android-user to be one of these “99%” they would have to choose to ignore warnings telling them not to do something and then go ahead and do it. In circumstances like that, if their information is exploited the blame doesn't lie with Google. It lies with the user, because the user is obviously an i.diot.
HUFFPOST SUPER USER
CaptainObvvious
Calling me a liberal is a compliment!
08:36 AM on 05/19/2011
Why then is it only an issue with Android and not with any other mobile OS?

This is a typical attempt to explain away a problem. It is akin to the deriding people give the iPhone by saying "You're holding it wrong"

It isn't the best idea to be on an unsecured WiFi but that alone shouldn't compromise you like this. The fault doesn't rest with the user it rests with Google. This flaw should be and will be fixed but you can't blame a security flaw on the user.
HUFFPOST SUPER USER
menschmaschine5
11:27 PM on 05/18/2011
Also, it wouldn't be such a problem if carriers and manufacturers would actually push updates to phones when they come out instead of taking months to add manufacturer skins and carrier bloat. This was fixed on Nexus phones a long time ago.
HUFFPOST SUPER USER
CaptainObvvious
Calling me a liberal is a compliment!
08:37 AM on 05/19/2011
It's true.

Even brand new Android phones that haven't even been released are running old versions of the OS.

This security flaw will be fixed and probably quickly but when will that fix get passed on to the consumer? Weeks, months, never?
Pectin
Lie to me...
09:50 PM on 05/18/2011
Gaping? That's a tad strong, ain't it?
HUFFPOST SUPER USER
WSAY
Res ipsa loquitur
10:02 PM on 05/18/2011
Yeah. Let's minimize the problem.
Pectin
Lie to me...
10:11 PM on 05/18/2011
Another article I just read suggests that this particular problem is overblown, just as the iPhone "tracking" thing a while back. Exaggeration is exaggeration, whether it's about your product of choice, or not.
12:28 AM on 05/19/2011
If the headline doesn't say "gaping", would anyone bother to read it? ;-)