Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers has found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference for reading the contents of a file stored on a Mac laptop after directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.