Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference after he read the contents of a file stored on a Mac laptop by directing the machine to a Web site that exploited a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.