Researcher warns of critical Google bug in G1 phone

Google silent on details of bug and status of any forthcoming patch.

A noted security researcher Monday warned users of T-Mobile's G1 smart phone that a critical vulnerability in Google's Android operating system could be used to hack their phones.

Led by Charlie Miller, a researcher who has rooted out high-profile bugs in Apple's Mac OS X and iPhone, a team from Independent Security Evaluators (ISE) identified the bug and reported it to Google last week. ISE is a Baltimore-based security consultancy where Miller works.

Miller, who declined to get specific about the vulnerability, said only that it is a buffer overflow bug that could be exploited by tricking G1 users into visiting malicious sites. "There's a chance that the attacker could execute malicious code remotely" with the same privileges as the user of the phone's browser, Miller said.

T-Mobile started shipping the G1 shortly before the Oct. 22 launch date; the phone is the first powered by Google's open-source mobile phone operating system, Android.

Miller said that after he alerted Google, a security researcher from its Android team contacted him for more information and asked that he withhold information until a patch was in place. Miller refused to wait, but promised not to disclose any details or technical information that could be used by hackers.

"People should know that there's a problem with the G1 before they buy it," Miller said as he defended his actions. "I don't want to help the bad guys either, but people should have all the information before they make a decision to buy [the phone]. I think I'm totally in the right here."

Google did not respond to a request for comment, or to questions about the status of any patch for Android and the G1.

Miller also said that he and others at ISE had crafted a working exploit, but would not release it until a patch is in hand.

According to a more detailed warning on the ISE site, the flaw is within one of the more than 80 different open-source packages used by Google to assemble Android. Miller blamed the bug on Google's use of outdated code. "This particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version," said the ISE alert.

Miller declined to name the specific open-source package at fault.

Google has been caught in the same bind before. Because it used an older version of WebKit, the open-source rendering engine that also powers Apple's Safari, for the foundation of its own Chrome Web browser, users were at risk from attacks based on a months-old flaw that had been dubbed the "carpet bomb" bug.

Google patched the carpet bomb vulnerability in a development build of Chrome two weeks ago.

Miller is well known in the Mac and iPhone vulnerability research community, and was on the same three-man ISE team that spotted and reported the first bug in Apple's iPhone shortly after it launched in mid-2007. Several months before that, he walked off with a $10,000 prize in an inaugural hacking contest by cracking an Apple laptop running Mac OS X in less than two minutes.

"I like the iPhone," said Miller, "but the G1 actually has a lot better security. In Android, Google uses this compartmentalized security architecture, application sandboxing really, so that each app runs as its own user and can access only its own files. So even though I can exploit the browser, I can't read the person's e-mail."

But even though it boasts stronger security, the G1 is still dangerous, Miller said, blaming user naivete.

"People are trained to be careful when they're browsing from the desktop or laptop, but hand them a phone and all the rules seem to go out the window," Miller said. "They use [their smart phone] to do everything they do on the desktop, but they forget they can get into trouble browsing from their phone."


Gregg Keizer

Computerworld