Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.
GROWING CONCERN: Some senior Trump administration officials opposed the UAE expansion over fears that another TSMC project could jeopardize its US investment Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) is evaluating building an advanced production facility in the United Arab Emirates (UAE) and has discussed the possibility with officials in US President Donald Trump’s administration, people familiar with the matter said, in a potentially major bet on the Middle East that would only come to fruition with Washington’s approval. The company has had multiple meetings in the past few months with US Special Envoy to the Middle East Steve Witkoff and officials from MGX, an influential investment vehicle overseen by the UAE president’s brother, the people said. The conversations are a continuation of talks that
Alchip Technologies Ltd (世芯), an application-specific integrated circuit (ASIC) designer specializing in artificial-intelligence (AI) chips, yesterday said that small-volume production of 3-nanometer (nm) chips for a key customer is on track to start by the end of this year, dismissing speculation about delays in producing advanced chips. As Alchip is transitioning from 7-nanometer and 5-nanometer process technology to 3 nanometers, investors and shareholders have been closely monitoring whether the company is navigating through such transition smoothly. “We are proceeding well in [building] this generation [of chips]. It appears to me that no revision will be required. We have achieved success in designing
UNCERTAINTY: Investors remain worried that trade negotiations with Washington could go poorly, given Trump’s inconsistency on tariffs in his second term, experts said The consumer confidence index this month fell for a ninth consecutive month to its lowest level in 13 months, as global trade uncertainties and tariff risks cloud Taiwan’s economic outlook, a survey released yesterday by National Central University found. The biggest decline came from the timing for stock investments, which plunged 11.82 points to 26.82, underscoring bleak investor confidence, it said. “Although the TAIEX reclaimed the 21,000-point mark after the US and China agreed to bury the hatchet for 90 days, investors remain worried that the situation would turn sour later,” said Dachrahn Wu (吳大任), director of the university’s Research Center for
Nintendo Co hopes to match the runaway success of the Switch when its leveled-up new console hits shelves on Thursday, with strong early sales expected despite the gadget’s high price. Featuring a bigger screen and more processing power, the Switch 2 is an upgrade to its predecessor, which has sold 152 million units since launching in 2017 — making it the third-best-selling video game console of all time. However, despite buzz among fans and robust demand for pre-orders, headwinds for Nintendo include uncertainty over US trade tariffs and whether enough people are willing to shell out. The Switch 2 “is priced relatively high”
RSS