Android Wi-Fi Vulnerability to be Silently Patched


Up until Gingerbread 2.3.4, Android sent authTokens for Contacts, Calendars, and Picasa in clear text. An “authToken”, as you’d expect, is an “authorization token”. It’s essentially your username and password rolled into one which authorizes your login to a particular service — and it does so without having to send either username or password to do so. With me so far?

That’s fine as long as you’re on an encrypted and trusted network, but if you have someone (or something, like a Trojan) on your encrypted network, or if you’re using an unencrypted network (like a public Wi-Fi access point), your authorization token is sent in the clear. Put simply, a person on that network could sniff our your authToken and have access to your personal information.

Android Gingerbread 2.3.4 already addresses the problem, but all the other versions of the OS are at risk.

Google is already hard at work putting a fix together — you will probably have it on your device within the next few days. What’s more, the fix will be applied via a “stealth update” meaning neither you nor your carrier will have to do anything to deliver or apply the patch. You probably won’t even know that it’s been applied.

Currently, the fix will work for Contacts and Calendars, but fixing the problem on Picasa will take some more time.

Source: Gizmodo

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Joe Levi
Joe graduated from Weber State University with two degrees in Information Systems and Technologies. He has carried mobile devices with him for more than a decade, including Apple's Newton, Microsoft's Handheld and Palm Sized PCs, and is Pocketnow's "Android Guy". By day you'll find Joe coding web pages, tweaking for SEO, and leveraging social media to spread the word. By night you'll probably find him writing technology and "prepping" articles, as well as shooting video. Read more about Joe Levi here.