A group of security researchers have found what they call a “serious flaw” in the Android software used to operate T-Mobile’s “Google Phone.” The researchers apparently found the flaw a few days after the phone initially went on the market and notified Google this week of the issue as well as The New York Times.

According to Charles A Miller, a former computer security specialist for the national security Agency a security issue could arise if a G1 user went to a “booby-trapped” web site. According to miller such a website could install an application on the phone without a user’s knowledge. An application such as one that records keystrokes could then in turn be used to capture passwords for websites the user visits via their handset.

After Miller reported his findings to Google they publically acknowledged that the phone may have an issue. Rich Cannings, a Google security engineer told the New York Times “We wanted to sandbox every single application because you can’t trust any of them,” and that “sandboxing” would limit how far into a particular user’s personal information a hacker would be able to get should they gain access to the phone.

I feel like the majority of the people who purchased the Google phone have to have some general idea of how the internet works, and what security measures you need to take when surfing the web. The security vulnerabilities that the G1 face are no different than those you have on your own personal computer. If a website looks fishy, then you probably shouldn’t go to it.

Android is going to be a huge target for hackers without a doubt. I don’t know that Miller’s findings are really all the fantastical. It would be nice to see Google come up with some security measures however to prevent malice as much as possible. Maybe even some anti-virus software for the handset?

Related:

Entry was posted on Saturday, October 25th, 2008 at 5:49 pm under Cell phones, Google, Open source, Uncategorized.

Read more entries by Emily Price.
Stumble It!