Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Flaw In Android Web Browser

Posted by timothy on from the more-information-would-be-nice dept.

r writes "The New York Times reports on a security flaw discovered in the new Android phones. The article is light on details, but it hints at a security hole in the browser, allowing for trojans to install themselves in the same security partition as the browser: 'The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.'"

3 of 59 comments (clear)

  1. Hmm by tsa · · Score: 5, Insightful

    It seems Mr. Miller doesn't like the Google Phone much. He should have notified Google of the bug and give them time to fix it before going public (as Google states in TFA).

    --

    -- Cheers!

  2. Here's why. by Anonymous Coward · · Score: 3, Insightful

    He should have notified Google of the bug and give them time to fix it before going public (as Google states in TFA).

    ..according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore

    It wouldn't have given him a name. Now, when the CIOs are reading the tech highlights on their Crackberries, what they'll see is Miller-Independent-Security-Evaluators-Baltimore-finds-security-flaw. And then think ... must hire next time I need security advice.

    In this incredibly competitive world where you're competing with everyone all over the World and there's plenty of folks who'll do it cheaper, you have to find ways to stand out. Never compete on price because there's always someone who'll do it cheaper. Could he have told Google? Sure. But it wouldn't have made a splash in the media and when it got posted here on Slashdot, it would have said instead that "Google fixes security flaw" with no mention of Miller.

    So, that's is why Mr. Miller jumped the gun and published his findings.

    Being in business can really suck.

  3. Re:This would be an easy fix... by davester666 · · Score: 3, Insightful

    Are you sure you can flash new firmware onto the G1 based on the source, without the binary needing to be signed by T-Mobile?

    Being able to actually use personal builds doesn't necessary follow from the source being available.

    --
    Sleep your way to a whiter smile...date a dentist!