Google Patches Security Issues Prior to Droid Bionic Release

Jay Decenella, IT audit expert
September 02, 2011

Ahead of this month's much-celebrated release of the Droid Bionic by Google-acquired Motorola, the search giant has already patched security issues with its Web browser following attempted SSL man-in-the-middle (MITM) attacks against Google users.

Google has spotted “someone who tried to get between them and encrypted Google services,” an attempt that affected people in Iran. According to Heather Adkins, Information Security Manager at Google Inc., the attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google.

Luckily, Google Chrome users were protected from this attack because the browser was able to detect the fraudulent certificate, Adkins added.

“To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue,” Adkins said.

DigiNotar has since revoked the digital certificate.

Google has been facing many security problems of late, not least the attacks orchestrated by hacker group Anonymous. The Droid Bionic breakthrough, which has a 1.2 GHz dual-core Exynos processor, 1 GB of RAM and 16 or 32 GB of storage (features that are said to topple Apple’s iPhone 5), is only remotely connected to Google, even though Google has already acquired Motorola in a $12.5 billion bid. Still, the patch is a welcome move.

Meanwhile, Mozilla also moved to protect its users by alerting them if they try to visit Web sites that use DigiNotar certificates.

In a statement, Mozilla said: “Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords.

“It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild.”

Microsoft has done the same thing.

“We continue to work with the certificate authority to understand the scope of this issue, and have taken steps to further help protect customers by removing the DigiNotar root certificate from the list of trusted root certificates on Windows,” it said.

“Web sites with certificates issued by DigiNotar will no longer be trusted by Windows Vista and above. This protection is automatic and no customer action is required.”

“To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings,” Adkins said.

 
