Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.
Sweeping policy changes under US Secretary of Health and Human Services Robert F. Kennedy Jr are having a chilling effect on vaccine makers as anti-vaccine rhetoric has turned into concrete changes in inoculation schedules and recommendations, investors and executives said. The administration of US President Donald Trump has in the past year upended vaccine recommendations, with the country last month ending its longstanding guidance that all children receive inoculations against flu, hepatitis A and other diseases. The unprecedented changes have led to diminished vaccine usage, hurt the investment case for some biotechs, and created a drag that would likely dent revenues and
Macronix International Co (旺宏), the world’s biggest NOR flash memory supplier, yesterday said it would spend NT$22 billion (US$699.1 million) on capacity expansion this year to increase its production of mid-to-low-density memory chips as the world’s major memorychip suppliers are phasing out the market. The company said its planned capital expenditures are about 11 times higher than the NT$1.8 billion it spent on new facilities and equipment last year. A majority of this year’s outlay would be allocated to step up capacity of multi-level cell (MLC) NAND flash memory chips, which are used in embedded multimedia cards (eMMC), a managed
CULPRITS: Factors that affected the slip included falling global crude oil prices, wait-and-see consumer attitudes due to US tariffs and a different Lunar New Year holiday schedule Taiwan’s retail sales ended a nine-year growth streak last year, slipping 0.2 percent from a year earlier as uncertainty over US tariff policies affected demand for durable goods, data released on Friday by the Ministry of Economic Affairs showed. Last year’s retail sales totaled NT$4.84 trillion (US$153.27 billion), down about NT$9.5 billion, or 0.2 percent, from 2024. Despite the decline, the figure was still the second-highest annual sales total on record. Ministry statistics department deputy head Chen Yu-fang (陳玉芳) said sales of cars, motorcycles and related products, which accounted for 17.4 percent of total retail rales last year, fell NT$68.1 billion, or
In the wake of strong global demand for AI applications, Taiwan’s export-oriented economy accelerated with the composite index of economic indicators flashing the first “red” light in December for one year, indicating the economy is in booming mode, the National Development Council (NDC) said yesterday. Moreover, the index of leading indicators, which gauges the potential state of the economy over the next six months, also moved higher in December amid growing optimism over the outlook, the NDC said. In December, the index of economic indicators rose one point from a month earlier to 38, at the lower end of the “red” light.
RSS