Join the Talk | 70,050 members - 273,216 posts Advertise | Have a scoop? Tip us!

T-Mobile G1 browser security flaws revealed

25 October 2008 by Staff Editor


Worth Reading?

NoYes

+1 [3 votes]

With the T-Mobile G1 only being out for a few days, a group of security researchers have already found a serious flaw in the Android software by Google. It appears that the G1 is threatened by many of the same security threats that personal computer owners face. We are not surprised that something such as this was found in the first device of its kind, the iPhone, being the second of its kind still has security flaws despite having several updates.

Charles A. Miller, a former National Security Agency computer security specialist, notified Google of this security flaw this week and said he was not publicizing it because he believes that in general phone users are not aware that smartphones face the same threats that plague PCs connected to the internet. Miller said, the flaw could be used by an attacker to trick a G1 user into visiting an unsafe Website.

Google acknowledge the security issue and say the security features of the phone will limit the extent of damage that could be done, compared with today’s PCs and other phones. Unlike computers and advances smartphones such as the iPhone, Android creates a series of compartments that limit access by intruders to a single application. Google security engineer, Rich Cannings said, “We wanted to sandbox every single application because you can’t trust any of them,”

Miller says the security flaw is in the web browser partition of the phone, making it possible for an intruder to install programs that can capture keystrokes made on the phone. This would make it easy for someone to steal personal information such as credit card numbers, usernames and passwords that are entered on Webpages.

Google executives say that they believe Miller has violated an unwritten code between companies and researchers that gives companies time to fix problems before they are publicized. Miller said he is withholding technical details, he believes that customers have a right to know that these products have security flaws. We feel he did the right thing in bringing such a large security flaw to our attention rather than keeping it from G1 users.

[Via NewYork Times]

  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Slashdot
  • SphereIt
  • Technorati
  • blogmarks
  • Blogosphere News
  • email
  • NewsVine
  • StumbleUpon
  • FriendFeed
  • Live
  • Reddit
  • Twitter
  • Wikio
  1. almightyA's Avatar almightyA
    10-25-2008 04:16 PM
    pretty sure this has already been posted?
  2. refused9150's Avatar refused9150
    10-25-2008 04:26 PM
    Doesn't matter does it?
  3. NismoG35's Avatar NismoG35
    10-25-2008 06:41 PM
    Thats ok, this is google. Given that its thier first OS on a phone and the spotlight is on them and Tmobile for releaseing the G1, i bet theyu will release a patch to this pretty soon. So for all the people out thier that havent received RC24 yet, dont worry something newer is comeing out sooner rather then later.

    I wonder if this security flaw works on any of the other major mobiles operating systems?
  4. Maximosis's Avatar Maximosis
    10-25-2008 06:57 PM
    All u have to do is take the same precautions u take on ur pc. That's all remember to look at the url address before u submit ur password and we should be good for business
  5. embrace LB's Avatar embrace LB
    10-25-2008 07:35 PM
    umm obviously it does matter, it's practically like having passwords stored on your laptop and being on a wifi connection that isn't password protected..
  6. Jorsher's Avatar Jorsher
    10-26-2008 03:27 AM
    Quote:
    Originally Posted by Maximosis View Post
    All u have to do is take the same precautions u take on ur pc. That's all remember to look at the url address before u submit ur password and we should be good for business
    From what the article states, the exploit would allow them to install a keylogger on your phone. This would record your password whether you were at the correct address or not.

    I'm not suggesting you become paranoid, but don't want people thinking as long as they check the url they're ok.
  7. AnDroiD KiDz's Avatar AnDroiD KiDz
    10-26-2008 07:14 AM
    I'm going to make this short and brief... In order to go into landscapeing view while you're web browsing with the keyboard closed just simply open up a web page, press menu, select "more", then you'll stroll down till you see "Flip Orientation", click on that then "Walah!", your screen flip to LANDSCAPE view with your keyboard closed. Enjoy!
  8. Dr. Tyrell's Avatar Dr. Tyrell
    11-02-2008 03:35 PM
    Google was smart enough to setup jails (sandboxes?) for every process, and this alone will strictly limit intrusion damage.

    I have looked at processes and file structures on the G1, and let me tell you Google did their homework.

    As a long time Unix/Linux administrator I can say with authority that with the coming of additional hole plugging, etc. this phone (and other Android devices to follow) will be nearly impenetrable. And if an intrusion happens there is absolutely no way to escape the jail.

    The Doctor
  9. refused9150's Avatar refused9150
    11-02-2008 04:01 PM
    The patch on the update that was recently released should have taken care of this problem all together.
Join AndroidCommunity Forums

Android Phone Accessories


T-Mobile G1 Accessories
Palm Pre Accessories
iPod Touch Accessories
Advertise with SlashGear
Free Tech Support at SlashGear Forums

© 2008 Android Community. Part of R3 Media Network

Contact | Advertising | About Us