Security Flaw Discovered in Google's G1 Mobile Phone

by Lisa Hoover - Oct. 25, 2008Comments (8)

Reports are emerging of a serious security flaw with the Android software that powers T-Mobile's newly-launched G1 smartphone. Charles Miller, the researcher who discovered it, says he notified Google of the flaw this week but decided to also go public with the information to protect users from becoming exploited by people with nefarious intent.

The flaw could be used to lure unwitting G1 users into visiting a Website that would install malicious software onto the phone.

According to the New York Times, "Google executives acknowledged the issue but said that the security features of the phone would limit the extent of damage that could be done by an intruder, compared with today’s PCs and other cellphones."

Google executives also expressed displeasure that Miller would publicize the flaw before a patch was available and suggested he had violated an unwritten code of conduct between companies and researchers. Miller responded by saying G1 customers have "a right to know."

 


Browse Blog

D J uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?



8 Comments
 

that's great, security is the first ,

more information about phont ,


http://www.mobilephone02.com


0 Votes

Security is something that G1 users are worried about. This news isn't great but it was bound to happen at the beginning of such a large project.


Discuss more at www.androidmobileforum.com


0 Votes

It was my understanding that Google incorporated such things as a remote 'kill switch' not only to turn off third party apps that might create instability issues, but also to address things like the exploit vaguely stated in this matter. Unlike Apple's iPhone kill switch which they choose to hide from the public as long as possible, Google was pretty up front about the level of control they might opt to use.


0 Votes

I must say I agree with Google, publicity of vulnerability is not a "have to know" issue. Charles is being a little righteous.


Google should be notified and a time for fixing requested (or stipulated) AFTER WHICH publicity is quite reasonable. But creating bad impressions for no good reasons when a company has responsively fixed the problem is not helpful to them (how do they improve on 'drop everything and fix it'?) or me (if my next update includes the patch, how has any extra harm been visited on me?).


It only serves to produce bad publicity - so your brand new OS on your brand new phone has a vulnerability? well, isn't that the first occurrence in the history of the world?


Sorry, no I recant my estimation from above, Charles is being a lot righteous. Its a bit of a Warhol-esque event.


0 Votes

Nice post,great info,thank you for sharing us!Keep it up!


http://www.sw-box.com/wholesale-china-mobile-phone.html


0 Votes

Today G1 Mobile Phone has been a demand of the day. Its features make it the king of all mobile phones in the market today. As per the records mobile phone has become necessarily for life and if we talk about which is the best Mobile Phone then it’s the Google’s Android that is counted first.


http://www.g1mobilephone.net


0 Votes

Thanks. Nice blog.Very informative and i will keep visiting this blog.


pdaaccessories.com/productDetail.asp?accid=1826&searchcat=Chargers+and+Synchronizers


0 Votes

a serious security flaw with the Android software that powers T-Mobile's newly-launched G1 smartphone that will be no good for users . http://www.yoytrade.com


0 Votes
Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.