Security Flaw in Android

Posted on October 25, 2008. Filed under: android, Google, Hacks

Charles A. Miller is once again the man here. You might recall a guy winning $10,000 for taking over a MacBook Air via a vulnerability in the Safari browser at a recent security contest.

A “serious flaw” has been detected in the Android release version (the one that comes on the G1).

Here's a quote from the New York Times article:

Charles A. Miller notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.

The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.

Here's what happens: you visit a questionable website –> the browser in Android is exploited –> this triggers the download of an application onto your G phone –> the application is executed in the background.

It's not clear if there are any websites/applications that actually exploit this vulnerability, but it's not a surprise either. Android in principle will be a primary target of malicious code in the future. And this is the only real problem Google's gonna face in the years to come.

Here are the precautions you SHOULD take to avoid any such infestation, at least until we have an alarm-caution system, and you should be fine.

  • DOWNLOAD ANDROID APPLICATIONS FROM CREDIBLE SOURCES. At the moment, there are about 2 other sites apart from the Android Market.

Remember, there are desktops nearby for your adventures. Mobile security can be potentially dangerous cuz we’re heading into “convergence”, where our mobiles are destined to become our wallets.

Hence take such stories seriously.

[source: tech blorge via NYT ]
