99 percent of Android phones are susceptible to impersonation attacks. The bad news: Google has confirmed that the problem does exist. The good news: Google is also fixing the problem, starting today, and it shouldn’t require any action on your part.
The security issue, discovered this week by German researchers, could potentially give attackers access to personal accounts by playing on an exploit in Android’s ClientLogin API. Certain bits (namely, the uniquely generated authToken that services use to identify users) were transmitted in plaintext, allowing hackers to masquerade as others by plucking said bits out of the air on shared wireless networks. In response, Google is releasing a server-side patch to address the problem across all version of Android OS.
Google’s official statement to computerworld read, “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”
[via TNW]