Sections

Google rolls out fix for Android security flaw

Calendar and contacts exploits already addressed, as patch due in "next few days"

An automatic fix for a serious security issue in the Android OS has begun to roll out for smartphones, as Google tries to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by a research team at Ulm University in Germany and affects 99.7 per cent of smartphone users with Android. The flaw potentially allows hackers access to the calendar, contacts information, and private web albums.

The calendar and contacts exploits were fixed on the same day as they were reported, with the forthcoming patch addressing the other issues.

The university team has stressed that the flaw does not involve any database of information, as with the recent PlayStation Network security scandal, and so far there have been no reports of problems from users.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

The team also discovered that some Android applications transmit unencrypted data.

Related stories

Google Play: Gender bias in mobile gaming needs to change

"Change the Game" initiative launched as survey finds 47% of most active male gamers would prefer not to play with women

By Brendan Sinclair

YouTube introduces Twitch-style sponsorship service for streamers

Trials of the $4.99 per month model have proven successful as platform abandons paid channel service

By Haydn Taylor

Latest comments

Sign in to contribute

Need an account? Register now.