Google has announced today that it is currently fixing an Android security flaw that was brought to the public’s attention last week by German researchers.
The group explained on Friday that some Google account authentication tokens were apparently being sent OTA unencrypted, leaving users with their data freely available if they were on public Wi-Fi.
Hackers using simple software could steal account info for Google Calendar, Contacts and Picasa accounts.
Users with Android 2.3.4 are free of the issue, but 98.4 percent of Android devices run Android 2.3.3 or lower, making the fix useless for the vast majority.
Google has begun rolling out the server-side patch this week for Android 1.5 - 2.3.3, and it will be completed by the end of the week.
Says Google, via CW:
Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.
Result for: third party
Following many reports that Sony’s latest PlayStation 3 firmware update, version 3.50, blocks third-party controllers, popular accessory maker Mad Catz has said it will replace any affected controller.
That being said, Mad Catz says that “all Mad Catz products will continue to function” even after the update, with the exception of a few models from 2008 and earlier.
3.50, as reported by angry PS3 owners, blocks third party peripherals, accessories and USB storage devices.
Sony’s response was that the ban would block “dangerous counterfeits,” mainly controllers that Sony says have a chance of exploding. Most seem to think the move is a way to stop more products from being used to jailbreak the console.
Users have claimed that Mad Catz’s 2008 Wireless PS3 GamePad, 2008 Wired PS3 GamePad and PS3 Wireless MicroCon have all ceased working after the update.
Says the accessory maker: “Mad Catz would like to take this opportunity to put gamers’ minds at ease. With the exception of a small quantity of controllers sold before 2008, we believe that all Mad Catz products will continue to function as they did prior to the 3.50 Firmware update.”
“Any consumer who owns a Mad Catz product and is experiencing an issue, including an issue with the PlayStation 3 Firmware update should contact Mad Catz customer services. Providing the product is within warranty, Mad Catz will be happy to offer a suitable replacement.”
Result for: third party
The German top court has ruled this week that Internet users must password-protect their Wi-Fi, or face a fine if someone accesses their connection and then downloads music or movies illegally.
Those with unsecured connections face up to a 100 euro fine if “a third party takes advantage” and is then caught doing so.
“Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation,” reads the court decision.
With that being said, the court did say the users were not responsible for the illegal content downloaded by those accessing their unsecured connections.
Additionally, the court said users would only be expected to add a password when they first set up their router, and not need to constantly update to the latest protections as they become available.
The ruling followed a lawsuit filed by a musician who sued an individual user for illegally downloading his music. The user proved he was away on vacation when the music was downloaded, but did admit he had unsecured Wi-Fi.
