Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.