Forgot your password?
typodupeerror
Cellphones Businesses Google Security The Internet Handhelds Hardware

Security Flaw In Android Web Browser 59

Posted by timothy
from the more-information-would-be-nice dept.
r writes "The New York Times reports on a security flaw discovered in the new Android phones. The article is light on details, but it hints at a security hole in the browser, allowing for trojans to install themselves in the same security partition as the browser: 'The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.'"
This discussion has been archived. No new comments can be posted.

Security Flaw In Android Web Browser

Comments Filter:
  • by Anonymous Coward on Saturday October 25, 2008 @04:24PM (#25511597)

    Erm, the entire source code for Android is now available, so yes, you can download it, fix it, compile it, then flash it onto your phone, or maybe a different phone.

  • Re:Hmm (Score:5, Informative)

    by Shemmie (909181) on Saturday October 25, 2008 @04:50PM (#25511795)
    I was about to agree with you. However, upon reading their page: [securityevaluators.com]

    The Android security architecture is very well constructed and the impact of this attack is somewhat limited by it. A successful attacker will have access to any information the browser may use, such as cookies used for accessing sites, information put into web application form fields, saved passwords, etc. They may also change the way the browser works, tricking the user into entering sensitive information. However, they can not control other, unrelated aspects of the phone, such as dialing the phone directly. This is in contrast, for example, with Apple's iPhone which does not have this application sandboxing feature and allows access to all features available to the user when compromised. For more information on the security of the iPhone, visit ISE's site describing the first exploit of an iPhone security vulnerability here [securityevaluators.com].

  • Re:Hmm (Score:5, Informative)

    by Shemmie (909181) on Saturday October 25, 2008 @04:51PM (#25511807)
    Oops, left out:

    Working with Google
    Google was notified of this issue on October 20th, 2008. We are working with them to try to get a fix as quickly as possible.

  • by Anonymous Coward on Saturday October 25, 2008 @05:19PM (#25511969)

    It is true for WinMo smartphones - no perms at all, but I am pretty sure that the iPhone does not apply.

    Not quite... Windows Mobile has security based on privilege levels (e.g. user vs. admin in the desktop world), so I don't think it's fair (or accurate) to say "no perms at all." You can assign access rights to resources (files, registry keys, etc.) associated with your application, so other apps must be appropriately signed to initeract with your data.

    Contrast that with the iPhone: Everything that ships on an iPhone runs as root, and not in a compartment. Period. If you hack the browser (or any other in-ROM app), you've hacked the entire device with root level access (how do you think jailbreak works?).

    You're probably thinking of app-store applications. Things installed from the app-store run sandboxed in their own compartment, but that's only because Apple doesn't have a reasonable security model in place throughout the rest of the system. Oh, and you also can't run multiple sandboxed apps simultaneously. It's really a much worse security story than you're imagining, I think.

  • by MikaelC (584630) on Saturday October 25, 2008 @05:51PM (#25512219)
    Yep. Of course you will probably have to write new device drivers for a different phone. And judging by this comment [android.com] it seems that the not all of the source for the G1 is available.
  • by Anonymous Coward on Saturday October 25, 2008 @07:52PM (#25513121)

    Actually yes you can, we haven't tried with the G1 yet, but have been putting Android on previous HTC models for quite a bit (even before Android was released)

  • by Anonymous Coward on Saturday October 25, 2008 @10:11PM (#25513925)

    The jailbreak doesn't happen through the browser. It requires flashing the OS through the USB cable. Has anyone here actually used an iPhone?

  • by nahdude812 (88157) * on Saturday October 25, 2008 @11:14PM (#25514371) Homepage

    It used to work by exploiting a vulnerability in TIFF processing. The browser runs as root, and the earlier jailbreak app was a "visit this site, reboot, and you're done" sort of thing. As Free The Cowards said, this doesn't work this way not because they changed the permissions model, but because they closed the TIFF exploit.

MATH AND ALCOHOL DON'T MIX! Please, don't drink and derive. Mathematicians Against Drunk Deriving

Working...