Google: Android security fix to roll out over next few days
Google on Wednesday began fixing a security flaw that affects some 97% of Android smartphones.
The fix, which addresses a hole allowing hackers to access the contacts, calendars and photos on an Android phone connected to an open Wi-Fi network, will take a few days to cover every phone, a Google spokesman said.
Unlike a traditional software update, the problem exists on Google's servers, so Android users won't need to manually take action.
The newest versions of Android, including the new wave of tablets running its Honeycomb software, are not affected by the bug, according to the researchers at Ulm University who initially reported the issue.
Newer Android software that has a feature for synchronizing photos to Google's Picasa Web Albums service is also vulnerable. Google does not yet have a solution for that, but a spokesman said the company is investigating the matter.
The server fix involves switching its login systems to a more secure protocol. Use of the less secure method is a common practice on the Web, as CNN reported in November.
Google's swiftness in patching its network is laudable, but the company doesn't seem to have an adequate solution for a time when such a problem could only be fixed in each handset's software, said Adrian Turner, the CEO of device security firm Mocana.
"We don't think there's enough being invested proactively to address some of these threats," Turner said. "You want to avoid the oil spill in the first place."
Google recently acknowledged that its procedure for issuing Android software updates needs work, and formed a consortium of cellular carriers and hardware manufacturers to address the problem.
source
The fix, which addresses a hole allowing hackers to access the contacts, calendars and photos on an Android phone connected to an open Wi-Fi network, will take a few days to cover every phone, a Google spokesman said.
Unlike a traditional software update, the problem exists on Google's servers, so Android users won't need to manually take action.
The newest versions of Android, including the new wave of tablets running its Honeycomb software, are not affected by the bug, according to the researchers at Ulm University who initially reported the issue.
Newer Android software that has a feature for synchronizing photos to Google's Picasa Web Albums service is also vulnerable. Google does not yet have a solution for that, but a spokesman said the company is investigating the matter.
The server fix involves switching its login systems to a more secure protocol. Use of the less secure method is a common practice on the Web, as CNN reported in November.
Google's swiftness in patching its network is laudable, but the company doesn't seem to have an adequate solution for a time when such a problem could only be fixed in each handset's software, said Adrian Turner, the CEO of device security firm Mocana.
"We don't think there's enough being invested proactively to address some of these threats," Turner said. "You want to avoid the oil spill in the first place."
Google recently acknowledged that its procedure for issuing Android software updates needs work, and formed a consortium of cellular carriers and hardware manufacturers to address the problem.
source
No comments: