For shame, Google. The G1 has barely even launched, and
it’s already faced with its first major breach
. An exploit has been discovered by an independent security expert which could potentially allow hackers to hijack the web browser on the G1, allowing them access to users’ passwords, cookies and text messages.
The exploit was discovered by Charlie Miller of Independent Security Evaluators, who first noticed the hole in the Android SDK. He bought an early G1 off a T-Mobile employee on eBay, confirmed that the exploit worked on the real deal, and reported the problem to Google two days before the G1 launched.
The exploit takes advantage of a buffer overrun flaw in one of Androids 80 open-source components. Android uses an out-of-date version of the component, newer versions have addressed the flaw. To protect G1 early-adopters, Miller hasn’t publicized which of the 80 components is the one with the weakness.
Google’s response? “We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform.”