There’s been another security snag; and this time it has affected people from world over at one go. The default Google apps on Android are leaking user’s credentials and information potentially allowing others to access users’ contacts, calendar, and private photos.
The Ulm University in southern Germany has conducted a research which has brought forth the aforementioned results. This flaw affects an estimated 98 percent of Android users. There are 100 million activated Android devices and 400,000 new devices activated every day. In this light, the threat endangers the personal lives of many as well the business interests of a few.
The researchers tested many Android versions and discovered that those using Android versions older than Android 2.3.4 (Gingerbread) are completely susceptible. According to Google, the devices that accessed the Android Market till May 2 this year, 99.7% of those ran versions older than Gingerbread.
Mike Paquette, Chief Strategy Officer at Top Layer Security feels that Google is dealing with a serious vulnerability and users could lose a lot of classified information. But he does not think it is the catastrophe it is being made to be as the attacker would need some physical proximity with the victim to steal the authentication tokens that enable theft. “This attack is similar to another known technique called ‘session ID stealing,’ where attackers could gain access to a user’s e-mail account by ‘stealing’ an active session ID by ‘listening’ on a public Wi-Fi network“, Paquette said.
The engineers at Google worked hard to fix this gaping hole on their platform. Late last week, Google responded with an official statement, “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts. This fix requires no action from users and will roll out globally over the next few days“. It’s a good thing that they could fix this issue on the server-end without requiring firmware updates because we know how notoriously slow manufacturers and carriers are at rolling out these updates. Since started the roll out last week, so we’re hoping that they’ve finished rolling these out globally.
Even though they’ve identified the problem and fixed it, mobile and laptop users should stay away from using open public Wi-Fi networks. Who knows what else people who are snooping around these networks can gather based on what data your phone is sending out. If your apps use a non-secure http connection instead of the secure encrypted https connection to exchange data with the server, any information the app is sending out can be intercept and stolen by anyone snooping on these networks.