Google Rolling Out Fix For Wi-Fi Security Vulnerability To All Affected Android Devices



Well, that only took one media firestorm. Google, in response to widespread reports of a potential credential security holein Android (which not only affects Android, but any OS using authTokens), is starting to roll out a fix for the public Wi-Fi vulnerability to all affected Android devices today. Google’s statement, below:
Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.
The vulnerability could only be exploited on public Wi-Fi networks – either by a sniffing attack, or SSID spoofing (a much more common method), and allowed an attacker to take a user’s authToken for a particular service (eg, Calendar, Twitter, Facebook, etc.), and then use it to log in to the respective service and engage in whatever unscrupulous behavior they so desired.
The hole has already been plugged in Gingerbread 2.3.3, as well as in Honeycomb, but the number of Android devices running those versions of the OS is obviously miniscule. Clarification: The fix is going out server side – meaning local authTokens will be erased and replaced with new (secure) ones upon logging back in to the affected service. Thanks to commenters for pointing this out.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories:

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...