Security flaw spotted in G1 Google phone

By Nancy Gohring, IDG News Service

Researchers at Independent Security Evaluators say they've discovered a security flaw in the Android browser that could make users of phones with the browser vulnerable to attack.

Android, Google's open-source software that is currently only running on one phone, HTC's G1, is based on outdated open-source components, the researchers say. As a result, the vulnerability they have discovered was previously known and fixed, but Google didn't incorporate the fix into Android, they say.

The G1 went on sale last Wednesday from T-Mobile USA, and Google published the source code behind Android on Tuesday. Other manufacturers, including Motorola, are expected to also release phones running Android in the future.

On a Web page for ISE, Charlie Miller, Mark Daniel and Jake Honoroff wrote that they won't reveal much about the vulnerability until Google fixes it. However, they say that Android users who visit malicious Web sites may find their sensitive information stolen. That's because an attacker could access any information the site uses, including saved passwords, information entered into a Web application form and cookies.

The researchers also say, however, that the impact of the attack is limited because of Android's security architecture. An attacker can't, for example, control functions of the phone such as the dialer.

Google said it is developing a solution to the problem. "We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform. The security and privacy of our users is of primary importance to the Android Open Source Project -- we do not believe this matter will negatively impact them," the company said in a statement. It did not say when it expects to push out the update.

The researchers say that they notified Google of the issue on Oct. 20.

The incident raises questions about difficulties the Android community might face in the future. Because Google has adopted an open model with Android, many vendors and operators may offer a variety of phones, each potentially with a slightly different version of the operating system. If vulnerabilities are found, phone makers and operators will have to determine whether their version of the software is affected and then coordinate the distribution of a fix to users.
