Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.