GCN LAB IMPRESSIONS
Google's handling of Android flaw should be a lesson for Sony
- By John Breeden II
- May 19, 2011
It almost seems like we aren’t safe anywhere these days. After hackers invaded my favorite gaming system, the PlayStation 3, I was shocked. Now it looks like there is a huge problem with my Android phone. Is nothing sacred?
However, where Sony totally dropped the ball on getting the word out about security, Google is running fast and hard to head off even the potential of problems associated with Android phones.
In the case of Android, your phone is only vulnerable in limited circumstances. Specifically, if you connect your phone over an unsecured wireless network, a hacker can sniff out that traffic and then directly access your data. They would be limited to viewing or changing your calendar data, viewing your photos and stealing your contacts. Everything else would be safe.
Oddly enough, if you have the latest version of the Android OS, 2.3.3, you are immune to this problem, which was first discovered by researchers at Ulm University in Germany, and thankfully not by malicious hackers. Older OS versions being exposed is typical of the PC side as well, where older versions of operating systems are often susceptible to worms and hacks that have long since been patched.
The problem with Android phones is that most people don’t upgrade the OS. In fact, if you look at the number of users, you might be surprised to learn that the vast majority of them, as of the writing of this column, are at least two full versions behind the current one. Some are still using the version of the OS that shipped with their devices at launch years ago!
The reason for the heavy backlog on upgrades is that, although most people love their Android phones, the update process is a bear and a half. It takes forever to upgrade to the latest OS, so after doing it once, people don’t want to try it again. Why stick your hand into a fire twice? Thankfully, Google found a way to fix this current problem without requiring an update. They simply required that calendar and other apps use an HTTPS connection instead of the unsecured HTTP one they use now. No need to do anything. You will be protected in a few days even if you have an older OS version.
So a big thanks to Google for taking security seriously, and for doing everything right. Contrast their actions with how Sony bungled their hack, and you’ll see why the Android platform has such a following.
The bottom line, though, is that you’re really not safe anywhere. Hope for the best but fear the worst. And plan accordingly.
John Breeden II directs the GCN Lab.