Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers has found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.