Patch for Android authentication flaw only fixes part of the problem
Very recently, researchers uncovered a rather serious security flaw affecting around 99 percent of all Android devices. Issues with the way authentication tokens are stored and transmitted on Android versions older than 2.3.4 (which is the overwhelming majority of users at the moment) made it possible for cybercriminals to intercept those tokens on unsecured wireless connections. By impersonating a familiar hotspot, an attacker merely needs to sit back and wait for unsuspecting Android users to connect and log in to affected services.

Today, however, it was announced that Google was moving quickly to address the flaw, and, since the company is implementing a server-side fix, no action by end users is required. It’s believed that tokens served after the change will be encrypted before being sent to and stored on an Android device. The patch will begin rolling out today and should shore things up with Google Docs and Google Calendar, but it’s not totally eradicating the problem as reported by some outlets.

The Picasa vulnerability is still present in Android 2.3.4 and it remains unpatched for the time being. Google has told ComputerWorld’s JR Raphael that engineers are still investigating that particular issue, but no timetable was given for a possible fix.

To prevent any stored authentication data on your device from being exposed to an attacker, make sure you’re only connecting to encrypted wireless access points or using your phone’s 3G or 4G data connection. Connecting to an open access point is never a good idea, and that’s especially true for those of you with an Android device — at least until the authentication token issue is totally locked down.