Thursday, February 05, 2009

More Security Angst For Android

Andy Greenberg writes on

For Google, keeping its Android mobile platform secure may be becoming a game of "whack-a-bug."

In a talk at the Shmoocon hacker conference in Washington, D.C., on Saturday, security researcher Charlie Miller plans to present a vulnerability in Google's (nasdaq: GOOG - news - people ) mobile software that he says would allow a hacker to remotely take control of the device's browser, allowing him to steal passwords stored in the software, watch a users' browsing or siphon off credit card data as it's entered on the Web.

It won’t be the first time that Miller has poked a hole in Android. Within days of the October release of T-Mobile's G1, the first phone to use Google's open-source platform, Miller and fellow researchers at Independent Security Evaluators found a similar vulnerability that allowed them to take control of the phone's browser and potentially steal users' information or spy on their browsing. Miller's team warned Google about the problem, and the company released a patch in early November.

But Miller, who has gained notoriety in the data security world by compromising high-profile devices ranging from the iPhone to the MacBook Air, says his repeated hacks may be a sign that Google's relatively new software is "a little immature" from a security standpoint, compared to others such as Windows or Mac OS that have been field-tested for years by security firms.

More here.


Post a Comment

<< Home