Android handset
Android relies on 80 open-source components
R E L A T E D   C O N T E N T
Similar articles
IT hound results
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

First Google Android flaws surface

Outdated components leave handset vulnerable

Shaun Nichols in San Francisco, vnunet.com 28 Oct 2008
ADVERTISEMENT

A trio of researchers has disclosed the first security flaw for the Google Android platform and pointed out a fundamental security problem in the open source process.

The vulnerability was discovered by researchers Charlie Miller, Mark Daniel and Jake Honoroff from security testing and analysis firm Independent Security Evaluators.

While the three have elected not to disclose details about the flaw until a fix can be issued, they said that a successful exploit could allow an attacker to retrieve all stored information in the victim's browser.

The researchers praised Android for its secure "sandbox" mode, which limits the scope of attacks by cutting off access to outside components, but they also noted what could become a major security hurdle for Android.

The flaw lies within one of the open-source components used by the Android platform, say the researchers.

"The vulnerability is due to the fact Google did not use the most up-to-date versions of all these packages," the trio said.

"In other words, this particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version."

Because Android relies on some 80 different open-source components, keeping track of security disclosures and bug fixes could prove difficult, potentially leaving the platform open to future attacks.

News of the disclosure comes less than one week after the first Android-powered handset hit the US market in the form of the T-Mobile G1. Other vendors, including Motorola and Kyocera are also said to be poised to unveil Android devices.

See also:

Mobile web user
IBM issues mobile web call to arms
Research finds half of consumers ready to swap fixed for mobile web access  24 Oct 2008
Gmail
Google adds offline support to mobile Gmail
Gmail for Mobile 2.0 also runs faster and supports J2ME phones  24 Oct 2008
T-Mobile G1
T-Mobile launches Android G1 in the US
New handset expected to be Apple's strongest challenger  23 Oct 2008
T-Mobile Android G1
Google shows off Gmail on Android
Marketing man touts mobile mail capabilities ahead of G1 launch  20 Oct 2008
Sergey Brin
Google investing profits in datacentres
Web giant also plans to pour funds into infrastructure and new application development  17 Oct 2008

All Hacking
Tags: Google, Android, G1, Communications, Security

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Blackberry Developer - The Hague
| Randstad Technologies
Blackberry Developer - €45,000 - €50,000 – The Hague Leading mobile application development Company is looking for a talented senior software developer to join the mobile software engineering team to design and develop the next ... more >
SOFTWARE DEVELOPMENT MANAGER - MANCHESTER
| Evolution Recruitment Solutions
IT Development Manager - .Net, C#, embedded C, SQL. This is a new position to take ownership of UK focused software development projects. Core responsibilities will be delivering new software solutions, identifying development requirements, managing ... more >
2 x Java / Oracle Developers - Birmingham
| Computer People
Working for an award winning technology company based in Birmingham, Computer People are looking for 2 Java Software developers to join them in brand new positions. The role will involve end to end analysis and ... more >
C#.NET Software Engineer - Technical Lead - growing firm!
| Computer People
Computer People Nottingham are recruiting for a local firm who are experiencing great success within their industry sector. With long-term growth plans, business is booming hence the need for a new Lead Software Engineer skilled ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP and Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . V3.co.uk
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093