Android Security Flaw Compounded By Slowness To Release Updates

A wide swath of Android phones have a security vulnerability that could allow attackers to steal login information for certain Google (NSDQ: GOOG) accounts when the phones are connected to compromised Wi-Fi hotspots.
As published by researchers at the University of Ulm in Germany and noted by The Register, Android contains a flaw in which login details for services like Google Calendar and Gmail can be seen by an attacker who controls a Wi-Fi hotspot when an Android phone connects to that network. Google patched the vulnerability with the release of Android 2.3.4, according to The Register, but given the glacial pace at which Android partners roll out new updates to their phones, nearly all Android phones outside of a few Nexus devices are running unpatched software.
The vulnerability highlights the dangers of connecting to insecure wireless access points, but millions do so every day at coffee shops, airports, and other public places. It wouldn’t be hard for an attacker to spoof such a hotspot and obtain login details, contact details, or even private photos, according to the researchers.
And unlike a PC-based vulnerability, where a software company can patch the hole and encourage users to download the fix as soon as it becomes available, Google and its mobile users are stuck on the update schedule of their carrier and handset maker. Last week at Google I/O, plans were released to form a group tasked with figuring out a better way forward for Android software updates, and incidents like this vulnerability show that the Android community needs to figure out some kind of system, and fast.