Google Scrambles to Patch Nasty Exploit in Android G1
Posted 10/27/08 at 02:19:36 PM | by Alex Castle
For shame, Google. The G1 has barely even launched, and it’s already faced with its first major breach. An exploit has been discovered by an independent security expert which could potentially allow hackers to hijack the web browser on the G1, allowing them access to users’ passwords, cookies and text messages.
The exploit was discovered by Charlie Miller of Independent Security Evaluators, who first noticed the hole in the Android SDK. He bought an early G1 off a T-Mobile employee on eBay, confirmed that the exploit worked on the real deal, and reported the problem to Google two days before the G1 launched.
The exploit takes advantage of a buffer overrun flaw in one of Androids 80 open-source components. Android uses an out-of-date version of the component, newer versions have addressed the flaw. To protect G1 early-adopters, Miller hasn’t publicized which of the 80 components is the one with the weakness.
Google’s response? “We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform.”
Image Credit: Google
Comments
Print
Email
Do you really think there
Submitted by chris.peplin on Mon, 2008-10-27 13:24
Do you really think there are no security problems on the iPhone? Android is not unique...but at least it's open source, so these issues are discovered and patched much quicker than with proprietary software.
It's also common to see older version of libraries and other software - they've been tested for longer, and are generally more stable than the cutting edge. Usually security updates get pushed into older version, this is just an exception to that.
Man I hope that they fix the
Submitted by Keith E. Whisman on Mon, 2008-10-27 13:14
Man I hope that they fix the problem befor somebody blabs their big fat mouths off.
So your really saying that I bought a phone with obsolete software built into it? That sucks. And I love browsing the the web on my G1. But for some reason when I try to make posts here with my G1 the Google Search automatically launches and my text goes into the text box instead of here.
RESOURCE CENTER
KICK ASS OFFERS
MOST COMMENTED ARTICLES
MOST RECENT COMMENTS
THIS MONTH's ISSUE 
FEATURE Awesome Upgrades: The best PC upgrades in every price range.HOW TO Connect your PC to your surround-sound audio systemProtect Your PC We put 10 of the most popular antivirus programs to the test to see which will protect you best. Android Revealed Find out how the Google-powered HTC G1 stacks up against its rivals.
Technology News
Computer Cooling Fans
Computer Cases
PC Game Controllers
PC Games
Computer Hardware
Headphones
MP3 Players
Stream Video
Computer Mouse
Monitors
Motherboards
NAS Storage
Networking
Laptop Computers
DVD Burner
Digital Cameras
Portable Storage
Computer Accessories
Smartphone
Antivirus Software
Sound Cards
Speakers
Computer Systems
Thumb Drives
Video Cameras
Video Card Reviews
Water Cooling
Gadgets
- Keyboards
© 2008 Future US, Inc. All Rights Reserved.