Two days ago, a group of German scientists made public the fact that a Google authentication protocol flaw.
The flaw makes it possible for malicious individuals to sniff out authentication tokens, impersonate the great majority of Android users and thus to have access to their private information stored on Google's servers.
Intercepting these tokens was made possible by the fact that they were sent over unencrypted HTTP.
Google reacted quickly and, according to the BBC, is currently in the process of fixing the flaw. The Internet giant has also announced that the fix will not require any action from users and that it will be rolled out globally over the next few days.
On a closely related note, Google's CEO Eric Schmidt hasannounced that the company will simplify the process through which Android users and users of various Google services have to pass when signing up and by which they agree to share their personal data.
He also said they were working on a greater degree of transparency when it comes to users being able to see what data they have shared with Google.
The flaw makes it possible for malicious individuals to sniff out authentication tokens, impersonate the great majority of Android users and thus to have access to their private information stored on Google's servers.
Intercepting these tokens was made possible by the fact that they were sent over unencrypted HTTP.
Google reacted quickly and, according to the BBC, is currently in the process of fixing the flaw. The Internet giant has also announced that the fix will not require any action from users and that it will be rolled out globally over the next few days.
On a closely related note, Google's CEO Eric Schmidt hasannounced that the company will simplify the process through which Android users and users of various Google services have to pass when signing up and by which they agree to share their personal data.
He also said they were working on a greater degree of transparency when it comes to users being able to see what data they have shared with Google.
No comments:
Post a Comment