Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers has found what it calls a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.