Charlie Miller of Independent Security Evaluators in Baltimore told the New York Times hat he was able to redirect the G1′s web browser to a malicious web site.
Google responded that they knew of the problem, but that inherent security features would limit the extent of damage. Applications are “sandboxed” in Android, meaning each one is isolated from the others restricting what access they have to one another and the base system.
Miller’s trick allows installation of keystroke logging software, allowing a hacker to capture passwords or other private data entered on the phone.
Google complained that Miller did not allow them to develop a fix before going public with the flaw. But Miller’s attitude has always been that if he can hack a system, others can do the same thing quietly and users are vulnerable in the meantime.
This vulnerability is disturbing for many, due to many pondering the development of phones based on the Android software.
Next Story: Spotted: hands-on with the BlackBerry Storm
- 2011-06-01: Qualcomm Keynote @ Uplinq 2011
- 2011-05-31: T-Mobile Will Ride HSPA+ to 672Mbps. Possibly Beyond
- 2011-05-25: Sony Ericsson revamps strategy, will release new models but stop software support, says Eldar Murtazin
- 2011-05-24: iPhone 3GS won't be upgraded to iOS 5.x, says Eldar Murtazin
- 2011-05-10: Google I/O 2011 wrap-up