SEO, Website Content Optimization
& Software Development

A serious security flaw has been found in Google’s T-Mobile G1 phone - less than a week after launch.

The vulnerability, discovered by security experts at Baltimore firm Independent Security Evaluators, could potentially allow hackers to direct G1 users to malicious websites.

The G1 runs on Google’s new Android operating system, an open source solution which has been specifically designed for mobile devices. According to Independent Security Evaluators (ISE), a buffer overflow problem with the software leaves users open to serious security breaches.

Once a device is breached, hackers could access any information held within its browser - including cookies and saved passwords - meaning bank details and other personal data could be at risk.

“If you end up on a bad guys’ site, he can basically take over the phone and run code, and access anything your browser has access to and do anything your browser could do,” commented Charlie Miller, principal analyst at ISE.

Although hackers would have access to the browser of a compromised phone, the modular nature of the Android operating system means that other functions, such as voice calling, would be unaffected.

“We wanted to sandbox every single application because you can’t trust any of them,” said Rich Cannings, a security engineer for Google, adding that the company was working on a fix for the problem.

ISE notified Google of the exploit on 20th October - two days before the G1 was released in the US - so that a fix could be worked on before an exploit was found ‘in the wild’. There are currently no reports of hackers taking advantage of the exploit.

Google will correct the security flaw to their iPhone competitor using an over-the-air update shortly. They will also hope that the scare will not harm sales during the all important Christmas retail period.

“We treat all security matters seriously and will carefully work with our partners to investigate and update devices periodically to reduce our users’ exposure,” the company said in a statement.

This entry was posted on Tuesday, October 28th, 2008 at 2:58 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.