Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers has found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference for reading the contents of a file stored on a Mac laptop after directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.