18
May
26-Android-security_thumb

[Updated] Google Rolling Out Fix For Wi-Fi Security Vulnerability To All Affected Android Devices

Posted by in Android OS, Development, News, Tips & Tutorials

Well, that only took one media firestorm. Google, in response to widespread reports of a potential credential security hole in Android (which not only affects Android, but any OS using authTokens), is starting to roll out a fix for the public Wi-Fi vulnerability to all affected Android devices today. Google's statement, below:

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.

The vulnerability could only be exploited on public Wi-Fi networks - either by a sniffing attack, or SSID spoofing (a much more common method), and allowed an attacker to take a user's authToken for a particular service (eg, Calendar, Twitter, Facebook, etc.), and then use it to log in to the respective service and engage in whatever unscrupulous behavior they so desired.

17
May
26-Android-security

Security Vulnerability In Most Versions Of Android Allows Attackers To Steal Your Login Credentials

Posted by in Android OS, News

Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.

Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts."

Here's how it works: when you login to an account, an authToken is stored locally on your device for 14 days, allowing you to re-access the service without hassle.