Business
Major Security Flaw Found In Android Phones
A significant security hole has been discovered in Google’s Android operating system for smartphones, which can allow attackers to gain access to users’ personal information without their permission, the CNN has reported
The flaw, which was discovered by three research assistants at Ulm University in the southern part of Germany, affects approximately 97 per cent of Android users.
In a recent blog post, the researchers found that users of Android devices running versions 2.3.3 and below could be susceptible to attack when they are connected to unencrypted Wi-Fi networks. Anyone else on that network could gain access to, modify or delete Android users’ calendars, photos and contacts.
“It is quite easy,” the researchers wrote in a blog post. “The implications of this vulnerability reach from disclosure to loss of personal information.”
A spokesman for Google said the company is aware of this issue, and a fix is already in place for the calendar and contacts applications in the latest versions of Android, codenamed “Gingerbread” and “Honeycomb.” A solution is also in the works for Google’s Picasa photo sharing service, he said.
Only about 3 per cent of Android users have the latest versions of the operating system, but Google said Android users running older versions will get a fix “in the next few days.” Users don’t need to take any action, and the patch will roll out globally.
The security flaw stems from Google making use of unencrypted login protocol for the affected services. By using HTTP, rather than the more secure HTTPS, “an adversary can easily sniff the login information,” according to the blog post.
The kind of attack that can be performed on Android devices over unencrypted Wi-Fi networks is similar to so-called “Sidejacking” attacks on Facebook or Twitter. For instance, Firesheep, a free Firefox extension that collects data broadcast over an unprotected Wi-Fi network, allows users to gain access to other people’s Facebook accounts.
Though the researchers found that any unsecured application making use of an Android user’s photos, contacts or calendars could be compromised, the data an attacker can gain access to is limited to those three groups. The security bug does not, for example, allow intruders to view a user’s e-mails.
Google was able to fix the problem on its end by requiring an HTTPS connection for calendar and contacts synchronisation. By solving the problem on its own servers, Google was able to get around a notoriously slow Android update process: after Google updates the code, manufacturing partners and carriers then manipulate the code for each device.
As a result, the vast majority of Android users are still running “Froyo,” which launched in May 2010. A quarter of users are still on “Eclair,” which came out all the way back in January of last year.
That means a patch for the security hole could have been months or years away for many Android users had Google not found a workaround.
In addition to switching to HTTPS, the researchers also suggested Google prevent Android devices from automatically remembering and logging onto unencrypted Wi-Fi networks. Google did not say whether it had taken any of those steps.
The Central Bank of Nigeria (CBN) has revised its cash withdrawal rules, discontinuing the special authorisation previously permitting individuals to withdraw N5 million and corporates N10 million once monthly, with effect from January 2026.
In a circular released Tuesday, December 2, 2025, and signed by the Director, Financial Policy & Regulation Department, FIRS, Dr. Rita I. Sike, the apex bank explained that previous cash policies had been introduced over the years in response to evolving circumstances.
However, with time, the need has arisen to streamline these provisions to reflect present-day realities.
“These policies, issued over the years in response to evolving circumstances in cash management, sought to reduce cash usage and encourage accelerated adoption of other payment options, particularly electronic payment channels.
“Effective January 1, 2026, individuals will be allowed to withdraw up to N500,000 weekly across all channels, while corporate entities will be limited to N5 million”, it said.
According to the statement, withdrawals above these thresholds would attract excess withdrawal fees of three percent for individuals and five percent for corporates, with the charges shared between the CBN and the financial institutions.
Deposit Money Banks are required to submit monthly reports on cash withdrawals above the specified limits, as well as on cash deposits, to the relevant supervisory departments.
They must also create separate accounts to warehouse processing charges collected on excess withdrawals.
Exemptions and superseding provisions
Revenue-generating accounts of federal, state, and local governments, along with accounts of microfinance banks and primary mortgage banks with commercial and non-interest banks, are exempted from the new withdrawal limits and excess withdrawal fees.
However, exemptions previously granted to embassies, diplomatic missions, and aid-donor agencies have been withdrawn.
The CBN clarified that the circular is without prejudice to the provisions of certain earlier directives but supersedes others, as detailed in its appendices.
-
Business1 day ago
Shippers Council Vows Commitment To Security At Nigerian Ports
-
Business1 day agoNigeria Risks Talents Exodus In Oil And Gas Sector – PENGASSAN
-
Business1 day ago
CBN Revises Cash Withdrawal Rules January 2026, Ends Special Authorisation
-
Business1 day ago
NCDMB, Others Task Youths On Skills Acquisition, Peace
-
Business1 day agoFIRS Clarifies New Tax Laws, Debunks Levy Misconceptions
-
News1 day agoTinubu Swears In Christopher Musa As Defence Minister
-
online games2 days agoHow Pocket Option Works: A Complete Beginner’s Guide
-
Women1 day agoRIVERS NAWOJ AND PHACCIMA PARTNER TO STRENGTHEN MUTUAL GOALS