Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles Miller, notified Google of the flaw last week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
The G1 went on sale at T-Mobile stores on Wednesday.
Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones.
Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application.
“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a Google security engineer.
He said that the company had already fixed an open-source version of the software and was working with its partners, T-Mobile and HTC (宏達電), to offer fixes for its current customers.
Typically, today’s computer operating systems try to limit access by creating a partition between a single user’s control of the machine and complete access to programs and data, which is referred to as superuser, root or administrative access.
The risk in the Google design, said Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Miller has previously gained attention for finding other vulnerabilities. In March, he received US$10,000 and a Macintosh Air laptop in a contest at the CanSecWest security conference by reading the contents of a file stored on a Mac laptop by directing the machine to a Web site that was able to exploit a vulnerability in Apple’s Safari browser.
Google executives said they believed that Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicized.
Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings.
TAKING STOCK: A Taiwanese cookware firm in Vietnam urged customers to assess inventory or place orders early so shipments can reach the US while tariffs are paused Taiwanese businesses in Vietnam are exploring alternatives after the White House imposed a 46 percent import duty on Vietnamese goods, following US President Donald Trump’s announcement of “reciprocal” tariffs on the US’ trading partners. Lo Shih-liang (羅世良), chairman of Brico Industry Co (裕茂工業), a Taiwanese company that manufactures cast iron cookware and stove components in Vietnam, said that more than 40 percent of his business was tied to the US market, describing the constant US policy shifts as an emotional roller coaster. “I work during the day and stay up all night watching the news. I’ve been following US news until 3am
Six years ago, LVMH’s billionaire CEO Bernard Arnault and US President Donald Trump cut the blue ribbon on a factory in rural Texas that would make designer handbags for Louis Vuitton, one of the world’s best-known luxury brands. However, since the high-profile opening, the factory has faced a host of problems limiting production, 11 former Louis Vuitton employees said. The site has consistently ranked among the worst-performing for Louis Vuitton globally, “significantly” underperforming other facilities, said three former Louis Vuitton workers and a senior industry source, who cited internal rankings shared with staff. The plant’s problems — which have not
TARIFF CONCERNS: The chipmaker cited global uncertainty from US tariffs and a weakening economic outlook, but said its Singapore expansion remains on track Vanguard International Semiconductor Corp (世界先進), a foundry service provider specializing in producing power management and display driver chips, yesterday withdrew its full-year revenue projection of moderate growth for this year, as escalating US tariff tensions raised uncertainty and concern about a potential economic recession. The Hsinchu-based chipmaker in February said revenues this year would grow mildly from last year based on improving supply chain inventory levels and market demand. At the time, it also anticipated gradual quarter revenue growth. However, the US’ sweeping tariff policy has upended the industry’s supply chains and weakened economic prospects for the world economy, it said. “Now
COLLABORATION: Given Taiwan’s key position in global supply chains, the US firm is discussing strategies with local partners and clients to deal with global uncertainties Advanced Micro Devices Inc (AMD) yesterday said it is meeting with local ecosystem partners, including Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), to discuss strategies, including long-term manufacturing, to navigate uncertainties such as US tariffs, as Taiwan occupies an important position in global supply chains. AMD chief executive officer Lisa Su (蘇姿丰) told reporters that Taiwan is an important part of the chip designer’s ecosystem and she is discussing with partners and customers in Taiwan to forge strong collaborations on different areas during this critical period. AMD has just become the first artificial-intelligence (AI) server chip customer of TSMC to utilize its advanced
RSS