Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.