Security Flaw In Android Web Browser
r writes "The New York Times reports on a security flaw discovered in the new Android phones. The article is light on details, but it hints at a security hole in the browser, allowing for trojans to install themselves in the same security partition as the browser: 'The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.'"
Re:This would be an easy fix... (Score:4, Informative)
Erm, the entire source code for Android is now available, so yes, you can download it, fix it, compile it, then flash it onto your phone, or maybe a different phone.
Re:iPhone weak like other smartphones? (Score:3, Informative)
It is true for WinMo smartphones - no perms at all, but I am pretty sure that the iPhone does not apply.
Not quite... Windows Mobile has security based on privilege levels (e.g. user vs. admin in the desktop world), so I don't think it's fair (or accurate) to say "no perms at all." You can assign access rights to resources (files, registry keys, etc.) associated with your application, so other apps must be appropriately signed to interact with your data.
Contrast that with the iPhone: Everything that ships on an iPhone runs as root, and not in a compartment. Period. If you hack the browser (or any other in-ROM app), you've hacked the entire device with root level access (how do you think jailbreak works?).
You're probably thinking of app-store applications. Things installed from the app-store run sandboxed in their own compartment, but that's only because Apple doesn't have a reasonable security model in place throughout the rest of the system. Oh, and you also can't run multiple sandboxed apps simultaneously. It's really a much worse security story than you're imagining, I think.
Re:This would be an easy fix... (Score:3, Informative)
Actually yes you can, we haven't tried with the G1 yet, but have been putting Android on previous HTC models for quite a bit (even before Android was released).
Re:iPhone weak like other smartphones? (Score:1, Informative)
The jailbreak doesn't happen through the browser. It requires flashing the OS through the USB cable. Has anyone here actually used an iPhone?
Re:iPhone weak like other smartphones? (Score:4, Informative)
It used to work by exploiting a vulnerability in TIFF processing. The browser runs as root, and the earlier jailbreak app was a "visit this site, reboot, and you're done" sort of thing. As Free The Cowards said, this doesn't work this way not because they changed the permissions model, but because they closed the TIFF exploit.