Only days after the T-Mobile G1 smartphone hit the market, a group of security researchers have found a problem. They’re calling it a serious flaw in the Android OS itself.
Charles A. Miller, one of the researchers involved has notified Google of the flaw and is busy publicizing it now because he believes it is something we should all be aware of.
Miller is a computer security specialist, formerly at the National Security Agency. He said that the flaw could be exploited by visiting booby-trapped websites. The danger in the flaw lies within the web browser on the device. He has noted that it would be possible for an intruder to install software that could capture keystrokes entered by a user when surfing the web. That info could come in handy if you make a habit of stealing identity info or passwords.
Google has acknowledged the issue but said that their security features on the phone would limit any damage.
Rich Cannings, a Google security engineer commented:
“We wanted to sandbox every single application because you can’t trust any of them…”
He went on to say that Google had already fixed an open-source version of the software and was working with T-Mobile and HTC to offer fixes for current users.
[ Source ]
