Very recently, researches uncovered a rather serious security flaw affecting around 99 percent of all Android devices. Issues with the way authentication tokens are stored and transmitted on Android versions older than 2.3.4 (which is the overwhelming majority of users at the moment) made it possible for cybercriminals to intercept those tokens on unsecured wireless connections. By impersonating a familiar hotspot, an attacker merely needs to sit back and wait for unsuspecting Android users to connect and log in to affected services. Today, however, it was announced that Google was moving quickly to address the flaw, and, since the company is implementing a server-side fix, no action by end users is required. It’s believed that tokens served after the change will be encrypted before being sent to and stored on an Android device. The patch will begin rolling out today and should shore things up with Google Docs and Google Calendar, but it’s not totally eradicating the problem as reported by some outlets.
The Picasa vulnerability is still present in Android 2.3.4 and it remains unpatched for the time being. Google has told ComputerWorld’s JR Raphael that engineers are still investigating that particular issue, but no timetable was given for a possible fix.
netizens left a footprint.