InformationWeek
Business Innovation Powered By Technology
Powered by InformationWeek Business Technology Network
Topics:
Security
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
John Markoff, over at the New York Times, wrote an excellent account of a flaw in the new T-Mobile G1 smartphone. This flaw looks particularly nasty, and according to Markoff's story, is the result of Google failing to use the most recent versions of the open source components that form Android's foundation. The risk in the Google design, according to Mr. Miller [note: security researcher Charles A. Miller], who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords. That's a nasty one. But it seems that while Miller told Google of the flaw, he also disclosed its existence before Google had a chance to patch. Miller explains his reasoning to Markoff: Mr. Miller said he was withholding technical details, but said he felt that consumers had a right to know that products had shortcomings. First: if you don't know that products have "shortcomings," you probably lack the IQ necessary to dial the G1. Didn't we experiment with this partial-advance disclosure earlier this year with the now-famous DNS flaw which was announced sans-technical details by Dan Kaminsky? We all know it didn't take long for other security experts to figure out the nature of the flaw, and the information got released before everyone had time to patch. Despite Kaminsky's best intentions, the situation went into a nasty flat-spin that lasted for weeks. Thankfully, since the T-Mobile G1 doesn't come remotely close in importance to the Internet's DNS, we're not in for a repeat of the same magnitude. But it does show the debate on the proper disclosure of vulnerabilities just isn't going to die. No. The disclosure debate is like the maniacal killer in a bad horror flick: he just keeps lurching out at you at every turn. « Sprint: Android Ain't For Us. Not Yet, Anyway | Main | iPhone Gets Google Earth, Street Views On The Way » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
