Android Mobile Web Flaw Puts Users at Risk

Paul_Lilly

The last thing you want to be told when buying a new car is that you shouldn't be driving it, and likewise, HTC G1 owners can't be geeked to learn that at least one security researcher is advising against using the Android-based phone's web browser.

Security researcher Charlie Miller says a vulnerability in Google Android makes it possible for hackers to remotely take control of the phone's web browser and other related processes. At that point, hackers could then gain access to saved information stored in the browser and spy on a user's online transactions, including encrypted ones.

Interestingly, Miller notified Google of the flaw back on January 21 and a patch was put forth, which the search company has given to T-Mobile. But as of this writing, T-Mobile has yet to deploy the fix.

"The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later," writes Rich Cannings , a Google Android security engineer. "oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion."

No word has been given on when T-Mobile expects to push out the patch.

Around the web

by CPMStar (Sponsored) Free to play

Comments