Researchers in Germany recently discovered a small problem with Google’s Android smartphone operating system, one that affects around 97% of Android users and could make their personal info available to evil bastards.
According to CNN:
Android devices running versions 2.3.3 and below could be susceptible to attack when they are connected to unencrypted Wi-Fi networks. Anyone else on that network could gain access to, modify or delete Android users’ calendars, photos and contacts.
Specifically, the problem is that Android’s Calendar, Contacts and Picasa apps use the less secure HTTP instead of HTTPS. This means that someone using software to capture data over an unsecured WiFi network can potentially grab this information.
“It is quite easy,” wrote the researchers. “The implications of this vulnerability reach from disclosure to loss of personal information.”
The researchers say that this bug does not affect the security of the e-mail on users’ Android devices.
CNN spoke to a Google rep that said the company is aware of the problem and has a fix is in place for the calendar and contacts applications in the “Gingerbread” and “Honeycomb” versions of Android. Alas, only about 3% of Android users are running those newest versions of the OS.
But Google says there will be a fix coming for the more prevalent versions of the Android OS “in the next few days.”
Security hole found in Android; Google says it’s covered [ChicagoBreakingBusiness.com]