Currently 99% of Android handsets are vulnerable to impersonation attacks. This security flaw, discovered in Google’s Android operating system, is now being fixed for all users.
The flaw was discovered by a team of German researchers, who demonstrated that certain Google account authentication tokens were being sent over the air unencrypted, potentially putting users at risk when transmitting data over public Wi-Fi networks. The flaw could potentially enable attackers to hijack tokens used to access Google Calendars, Google Contacts, Google Picasa, and a number of other services available within Google’s Android operating system.
The issue had already been fixed in the most recent Gingerbread release, Android 2.3.4, but 99 percent of Android phones are not yet running that version, putting the majority of these phones at risk.
Regarding the security issue, Google’s official statement said: “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”
It may be advisable to avoid using Google Contacts, Calendar, or Picasa while connected to an open public Wi-Fi network until Google confirms that the issue has been 100 percent fixed.
Source: Computerworld