ID: IRCNE2011051117
Date: 2011-05-21
“CNET” reports that Google has plugged an Android hole that could have allowed someone to snoop on an unencrypted Wi-Fi network and access calendar and contact data on the smartphones.
"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts, this fix requires no action from users and will roll out globally over the next few days." a Google spokesman said in a statement.
Basically, the fix forces all Android devices to connect to Google Calendar and Contacts servers over https, so that someone snooping on an unprotected wireless network won't be able to grab authentication tokens used by the operating system to validate devices.
The latest release of Android, 2.3.4 for smartphones and 3.0 for tablets, did not have the issue. But the fact that more than 99 percent of Android device owners are still using older versions was likely a factor in Google's decision to expedite a fix.
- 13