Security Flaw Discovered in Android's Browser
Independent Security Evaluators claim they have discovered a flaw in the Android browser that opens the device up to attacks. Not to worry however, mobile device attacks are still pretty uncommon and the issue is top priority to be fixed.
Android, Google’s open-source system that runs on HTC’s G1 is based on outdated open-source components, according to researchers. The vulnerability is actually previously known and has been addressed and solved, however Google didn’t incorporate the fix into Android.
With G1’s on sale already and the source code published, other manufacturers are expected to be releasing Android based phones in the near future. Motorola is one of the manufacturers onboard. As with the new release of any software, bugs and oversights are inevitable – we all know things aren’t perfect the first time around, and the fact that Android is open-source based, it is going to get a lot of attention from the open-source community. This also means we could see a lot of potential ‘issues’ being found over time as there will be more eyes on the code, unlike other manufacturers that keep their code guarded.
Independent Security Evaluators (ISE) are remaining tight-lipped over the details surrounding the vulnerability while they wait for Google to fix it. What they have said is that Android users that visit ‘malicious websites’ may find information from their device stolen from them. Things such as saved passwords are at high risk.
ISE has mentioned that the nature of the vulnerability and the design architecture of the device do not allow for someone to take control of device functions such as the dialer, so there is no need to worry about attacks involving device control.
Google said it is currently working on a solution to the problem in a recent statement:
“We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform. The security and privacy of our users is of primary importance to the Android Open Source Project – we do not believe this matter will negatively impact them.”
For the record, ISE informed Google of the problem on October 20, so a fix should just about ready to roll out.
- Top 10 Gadgets That Harm Pets
- One Laptop Per Child to Offer Windows XP Pro XO
- A Fighter Jet for Google Founders
- Japanese Woman Kills Online Husband
- Namco Bandai Takes Over Hellgate: London: The End is Nigh
- Microsoft Doing Well, Reports Quarterly Earnings
- Yahoo! Sacks 10 percent of Staff, Plans New Offices in Nebraska
- Android to Learn Virtual Keyboard Input in Early 2009
- MSI Wind Gets a 30 Percent Speed Boost
- Jointech Introduces $125 Netbook -- Cheap Enough?
- Netflix Taps Microsoft’s Silverlight for Second-gen Media Player
- Stardock Investigates Non-Intrusive Solution to DRM
- Dell Announces the Inspiron Mini 12 -- Biggest Netbook Yet
- Sonos Introduces New iPhone Controller
- Notebook Shipments Outstrip Desktops
- Gmail Adds Docs and Calendar to Left-Nav
- Toys 'R' Us to Stock iPods and Eee PCs
- T-Mobile Android G1s Going Cheap at Wal-mart
- Sony Drops Black PSP Core Bundle at Last Minute
