Security Flaw in Android Found
Google says they're already working on it...
Just days after the T-Mobile/HTC G1 smartphone went on the market, a group of security researchers has found what they call a serious flaw in Google's Android operating system, according to the New York Times. Co-discovered by a former National Security Agency computer security specialist, the flaw can be exploited by an attacker who tricks a G1 user into visiting a booby-trapped Web site. Google appears annoyed that the researcher didn't contact the company before publication, says it is already working on it, and suggests that the phone's security features will limit potential damage. From the Times:
quote:
The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.

insomniac84
join:2002-01-03
Schererville, IN

insomniac84

Member

They've made it

Nothing legitimizes a platform more than being attacked.

Tzale
Proud Libertarian Conservative
Premium Member
join:2004-01-06
NYC Metro

Tzale

Premium Member

Re: They've made it

said by insomniac84:

Nothing legitimizes a platform more than being attacked.
I agree.

S_engineer
Premium Member
join:2007-05-16
Chicago, IL

S_engineer

Premium Member

Re: They've made it

You have to love it...identity theft through the smart phone....how smart is that?

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

FFH5 to insomniac84

Premium Member

to insomniac84
said by insomniac84:

Nothing legitimizes a platform more than being attacked.
Yes, there isn't a browser made that doesn't have security flaws. Why would the Android platform be any different.

Isn't the Android browser and Google Chrome developed off the same code base, which has had its share of security flaws?

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

1 recommendation

Metatron2008

Premium Member

Re: They've made it

Some people refuse to believe it.

I wish hackers would stop attacking new, promising stuff like Android, and attack what everyone hates: The smug mac users OSX.

knightmb
Everybody Lies
join:2003-12-01
Franklin, TN

knightmb

Member

Re: They've made it

said by Metatron2008:

Some people refuse to believe it.

I wish hackers would stop attacking new, promising stuff like Android, and attack what everyone hates: The smug mac users OSX.
They already do, that's why Mac OS has anti-virus software just like Windows, etc. Still, why Max users refuse to acknowledge that they can get a virus is beyond me. I'm more than happy to charge them to fix their virus infected system just like a windows infected system. I see more Windows systems infections than Mac just due to there being a 1000 to 1 ratio of existing Windows computers to Mac.

N3OGH
Yo Soy Col. "Bat" Guano
Premium Member
join:2003-11-11
Philly burbs

1 recommendation

N3OGH

Premium Member

Re: They've made it

I've had my Mac for over 2.5 years now, and I've never gotten a virus.

How about posting some specifics about how many "Max" you've had to clean viruses out of, and exactly what viruses are out there that can install themselves into OS X without the user knowing (EG, without having to willfully give the potential invader ROOT via a password)?

Yeah, I hear crickets.....

sid88984
@comcast.net

sid88984

Anon

Re: They've made it

I've had my Windows PC for 15 years now.. and have never gotten a virus
vincar
join:2005-07-28
Emerson, NJ

vincar to N3OGH

Member

to N3OGH
Just like he said, "Smug Mac Users" lol, thanks for validating that comment, Didn't take long at all.

N3OGH
Yo Soy Col. "Bat" Guano
Premium Member
join:2003-11-11
Philly burbs

N3OGH

Premium Member

Re: They've made it

Oh yeah, way to hide behind an anon post with no facts to back shit up.

Those crickets are getting LOUDER vincar.....

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

Re: They've made it

»www.sophos.com/pressoffi ··· eap.html

And btw, you get viruses simply by being stupid, visiting the wrong sites, downloading the wrong things, etc. You don't get viruses unless you ALLOW them.

Find me a large amount of MS-DOS or windows viruses (earlier than 3.1)?

Yeah, now don't let the door smack you in your smug little grin.
Metatron2008

2 edits

Metatron2008

Premium Member

Re: They've made it

And btw, mac sheep, find a mac user percentage that's not on a blog. Because I dunno how ignorant you are, but blogs are usually bull shit.

If you wanna believe what some guy wrote in a blog, I can easily write a blog saying Apple users are idiot sheep who buy Macs because they're too stupid to be safe and not visit sites that will give them viruses, which would be closer to the truth than the blog you sheep linked me to.

N3OGH
Yo Soy Col. "Bat" Guano
Premium Member
join:2003-11-11
Philly burbs

N3OGH

Premium Member

Re: They've made it

Dude,

how riled up are you that you're double posting at 3:15 AM?

I mean really, it's a computer, not your spouse.

Lighten up, Francis.....

FiL25
Premium Member
join:2005-08-16
Silver Spring, MD

FiL25

Premium Member

Re: They've made it

The Smuggness is almost at Critical Mass!!!!!!11!!!1!!111!

fireflier
Coffee. . .Need Coffee
Premium Member
join:2001-05-25
Limbo

1 recommendation

fireflier to N3OGH

Premium Member

to N3OGH
I've had more than 10 PCs (ranging from dual floppies, to MFM HDDs, to the current SATA/RAID versions) over almost 20 years and never had a virus.

Lack of infection doesn't necessarily mean your OS is bulletproof. It can also mean you're smart, careful, lucky, or all of the above.

33591094 (banned)
join:2002-11-19
Canada

33591094 (banned) to N3OGH

Member

to N3OGH
said by N3OGH:

I've had my Mac for over 2.5 years now, and I've never gotten a virus.

I've been on a MS platform for virtually decades, now. Never been affected by a virus - ever.

Your example is flawed.
itguy05
join:2005-06-17
Carlisle, PA

itguy05 to knightmb

Member

to knightmb
quote:
They already do, that's why Mac OS has anti-virus software just like Windows, etc.
So does Linux, and Solaris. But neither they nor OS X have a high potential for virus infestations.

Look at the stats - there are far fewer viruses for non-Windows platforms. Why? Harder to write.
quote:
get a virus is beyond me. I'm more than happy to charge them to fix their virus infected system just like a windows infected system.
And you'd go broke trying. But then again you really don't like facts.
quote:
I see more Windows systems infections than Mac just due to there being a 1000 to 1 ratio of existing Windows computers to Mac.
Bzzt, wrong. What's Mac up to now - the #3 computer vendor in the USA. IIRC their US marketshare is at around 14% ( »weblogs.baltimoresun.com ··· ans.html) so it's more like:

86 Windows to 14 Mac machines in a sample of 100 computers.

Dare to get out of the Windows world - you'll see that there is a better way out there.

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

1 edit

Metatron2008

Premium Member

Re: They've made it

Harder to write huh? Ignorance runs strong with this one.

Nothing is 'harder to write'. People attack windows because it has the most chance for damage.

Get out of your ignorant world.

koolman2
Premium Member
join:2002-10-01
Anchorage, AK

koolman2

Premium Member

Re: They've made it

Android most definitely has the most chance for damage.
ditka_b
Premium Member
join:2001-10-05
Barrington, IL

ditka_b to Metatron2008

Premium Member

to Metatron2008
I agree about the smugness of MacOSX users.
Funny thing is Apple's been very smart in not opening it up more because as soon as they grow much more or allow OSX on other non-Apple machines the hackers will switch their attention and bring OSX to its knees. Nothing is unhackable or safe when they put their collective minds to it.

technick
Premium Member
join:2000-12-16
Wheat Ridge, CO

technick

Premium Member

Common stuff among NEW Platforms

I picked up my G1 last night and I am really impressed by the platform and how intuitive it is. My biggest gripe is with the service coverage of T-Mobile. My AT&T phone never had a problem with service here and my G1 can barely keep a single bar most of the time. The battery performance needs a lot of work, I killed a full battery with moderate use in a little under 4 hours.

If something can't be done about the coverage issue, I will return the phone within 14 days =\.

It should be only a matter of time before google has this patched.

badtrip
Premium Member
join:2004-03-20

1 recommendation

badtrip

Premium Member

Data on a G1 is not secure. Duh?

I would never dream of using my G1 to do anything other than light browsing and comparison shopping, stuff like that.

Only a fool, IMO would do their banking or keep other personal sensitive data on their G1. The G1 can be set to connect to open wireless access points. Someone could put a wireless router somewhere where folks sit and browse on their phones and if the phone users are not paying attention, completely hijack them and their phone.

That's just one security vulnerability and it took me 3 seconds to think it up. A more malicious, more clever person than me can surely think of much worse.

Users need to be educated about this. A G1 is not a mini desktop PC you carry around, it is a mobile communication hub. Most of the security of your private data on your pc is due to the pc's physical size and location. That safeguard is removed on the G1.

RyanHelme01

Anon

Re: Data on a G1 is not secure. Duh?

I have seen people set up Ad-Hoc "hot spots" in airports with names like "Free Internet", and you just know that people connect to it and browse and shop and all the time they are going through a persons computer to get to the net and that computer is capturing every packet.

95% of issues (I believe) are more toward user stupidity than anything else... well stupidity and a minor "feature" lol
k1ll3rdr4g0n
join:2005-03-19
Homer Glen, IL

k1ll3rdr4g0n

Member

Wait...

Google is annoyed that they weren't contacted first?
Uhhh...
How are you supposed to contact google? Lemme guess he was supposed to call the 800 # number that they have for support...
Now knowing google's past support in their 'free' products (gmail etc.), I would bet money that they don't have a point of contact for the G1. Don't know this for sure as I didn't buy a G1; can anyone verify?

Yes, google does provide the newsgroups/mailing lists as a means to contact them but someone like Mr. Miller doesn't have the time (or even want) to post in a newsgroup or mailing list.

My 2 cents.
dandin1
join:2008-05-27

dandin1

Member

Re: Wait...

The idea of responsible disclosure is that you report it to the company first. Google not only has channels to do so, but as android is open source it has a public bugtracker and devel mailing lists. But I suppose you don't get much media attention that way, eh?

What I'm wondering is: Does he mean that a webpage can log keys when it is not the active window? Because "install software that would capture keystrokes" sounds rather dubious, like it might mean that the user has to *install* the software. That would hardly be a flaw, but pure user stupidity. Microsoft tried to fix user stupidity with IE7, and all we got was a series of Run/don't run boxes and warning bars.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to k1ll3rdr4g0n

Premium Member

to k1ll3rdr4g0n
said by k1ll3rdr4g0n:

Yes, google does provide the newsgroups/mailing lists as a means to contact them ...
Duhhhh.. Newsgroups and mailing lists are public. How is posting there any different than publishing an article? Mr. Miller likely published because there is no DIRECT/PRIVATE communications channel.

Bob
dandin1
join:2008-05-27

dandin1

Member

Re: Wait...

Yes, and what can be found in bugtrackers and mailing lists? The e-mail addresses of plenty of google employees working on android and their respective positions.
wildinak
join:2008-03-09

wildinak

Member

whoa what was that!?

Very typical of dhls to not contact before publication obviously a deliberate attack. poor Google. Well at least they are taking action to this problem and will be updated or fixed maybe even a recall possible refunds but I highly doubt it.

kfsutops
Premium Member
join:2002-08-19
Lutz, FL

kfsutops

Premium Member

Is anybody really surprised??

To google, the ability to add a keylogger is a feature.

Doesn't the Chrome browser automatically do this already unless you turn the "feature" off?

TruckerKW
join:2002-03-31
Buckner, IL

TruckerKW

Member

RE: Mac users

Why is there always this core group of yayhoos on this site who always turn something into an anti Mac bash.

Whoever said we think we're invulnerable to viruses and security vulnerabilities. I never said that.

What gives you a right to stereotype us. Why are Mac users so hated on this site.

Because we don't drive the same type of f*cking car you do?

What the hell matters what's under our hood. It gets us from point A to B, in a way that we like to get there.

Go have your KKK meetings elsewhere. It's people like you that hurt others for no reason and make life so hard to live when it otherwise should not be.

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

Re: Mac users

I think you guys are hated for obvious reasons. Look above at the smug attitude of a couple of mac users.

If the average mac user didn't go around acting like he's better than everyone, he wouldn't get insulted.

minimeme
@charter.com

minimeme

Anon

over rated anyway

google and everything about it is so over rated, i can't stand it.

would you fanboys please get on another high horse?

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB

Premium Member

Learning from M$ ?

Releasing a product with "known flaws" is something GOOGLE must have learned from Gate$. A bad start if you ask me. Using your user base to debug your stuff is evil.

Do we have another M$ on the block to crap up the net? I can just see it now; mobile spam proxies! Wonderful.

Bob

nekkidtruth
YISMM
Premium Member
join:2002-05-20
London, ON
Netgear R7000
Asus RT-N66
Hitron CODA-4582

nekkidtruth

Premium Member

Re: Learning from M$ ?

said by TamaraB:

Using your user base to debug your stuff is evil.
So basically what you're saying is "Open source products are evil because anyone can debug the code".

Ignorant much?

There are several open source softwares and or products that are highly secure and would even put some closed source products to shame security wise. Such an ignorant statement to make.
chrisbmoore
join:2003-08-28
Elkins Park, PA

chrisbmoore

Member

bleh..

exactly why I don't jump on the bandwagon...when something is hyped as the best thing since sliced bread you can bet everyone is paying attention and that includes hackers. If it is quietly released without much fanfare, you don't hear about this kind of stuff. I'll just get something like the LG Dare
axus
join:2001-06-18
Washington, DC

axus

Member

Google annoyed?

The article says that the researcher notified Google first. I don't see anything wrong with warning people about potential problems!

Aygeear
A Day Late And A Dollar Short
join:2000-12-03
Stockton, CA

Aygeear

Member

Re: Mac Users

Anyone attacking Mac users is simply ignorant, bigoted, or both. Choosing a computer operating system is based on your needs and your preferences, nothing more. As others have said, Mac bashing is akin to car bashing.

Evidence of Apple's tolerance of all operating systems can be found in the current generation of Macs. They run both Mac OS and Windows equally, leaving the choice up to the user. It is the best of both worlds. You can have your choice. If you don't want the convenience of both operating systems, that's your choice. But why criticize others who opt for a different choice? Only stupid, prejudiced people would do that.
