Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.