A team of security researchers from the University of Ulm (Germany) this week revealed the existence of a major flaw in the way Android, the operating system for mobile and Google bars, manages the multiple authentication services. The flaw could allow third parties to connect to the Google account user without his knowledge.
The vulnerability comes from how Android handles "tokens", the digital equivalent of an emergency key which avoids having to continually reconnect to a service. Up to version 2.3.4 of Android, calendar and contacts sync automatically phones using these tokens to connect to a Wi-Fi already known.
By setting up a Wi-Fi parallel third can theoretically recover those keys back and connect to the Google Accounts that attempt to connect to the network. Pending a fix for this vulnerability, researchers recommended to pass, if possible, to version 2.3.4 of Android, and disable the automatic synchronization of contacts on the Wi-Fi open (in the menu Preferences). 
The vulnerability comes from how Android handles "tokens", the digital equivalent of an emergency key which avoids having to continually reconnect to a service. Up to version 2.3.4 of Android, calendar and contacts sync automatically phones using these tokens to connect to a Wi-Fi already known.
By setting up a Wi-Fi parallel third can theoretically recover those keys back and connect to the Google Accounts that attempt to connect to the network. Pending a fix for this vulnerability, researchers recommended to pass, if possible, to version 2.3.4 of Android, and disable the automatic synchronization of contacts on the Wi-Fi open (in the menu Preferences).
- Barnes & Noble Updates NOOK for Android OS (18/05/2011)
- "Researchers Find Android Security Vulnerability" and related posts (17/05/2011)
- Amazon has "entire line" of Android devices on the way, says tipster (17/05/2011)
- Nvidia Chief Foresees Android Tablets Giving Apple iPads Stiff Competition (18/05/2011)
- Seven Steps to a Faster Android (Video) (17/05/2011)
No comments:
Post a Comment