Android handset
Android relies on 80 open-source components

First Google Android flaws surface

Outdated components leave handset vulnerable

Shaun Nichols in San Francisco

A trio of researchers has disclosed the first security flaw for the Google Android platform and pointed out a fundamental security problem in the open source process.

The vulnerability was discovered by researchers Charlie Miller, Mark Daniel and Jake Honoroff from security testing and analysis firm Independent Security Evaluators.

Advertisement

While the three have elected not to disclose details about the flaw until a fix can be issued, they said that a successful exploit could allow an attacker to retrieve all stored information in the victim's browser.

The researchers praised Android for its secure "sandbox" mode, which limits the scope of attacks by cutting off access to outside components, but they also noted what could become a major security hurdle for Android.

The flaw lies within one of the open-source components used by the Android platform, say the researchers.

"The vulnerability is due to the fact Google did not use the most up-to-date versions of all these packages," the trio said.

"In other words, this particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version."

Because Android relies on some 80 different open-source components, keeping track of security disclosures and bug fixes could prove difficult, potentially leaving the platform open to future attacks.

News of the disclosure comes less than one week after the first Android-powered handset hit the US market in the form of the T-Mobile G1. Other vendors, including Motorola and Kyocera are also said to be poised to unveil Android devices.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Further reading

Mobile web user

IBM issues mobile web call to arms

Research finds half of consumers ready to swap fixed for mobile web access

Gmail

Google adds offline support to mobile Gmail

Gmail for Mobile 2.0 also runs faster and supports J2ME phones

T-Mobile launches Android G1 in the US

New handset expected to be Apple's strongest challenger

Google shows off Gmail on Android

Marketing man touts mobile mail capabilities ahead of G1 launch

Related whitepapers

Related jobs

Most watched

Social networking

Summit: How businesses should manage their brands online

In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies

RIM discusses new developer tools

Blackberry exec on the latest offerings for programmers

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Alcatel-Lucent logo

Summit: Networks swamped by information overload

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

EU flag

Breach notification laws get green light

Privacy rights strengthened in Europe

Richard Thomas

Summit: Richard Thomas advises on handling the data deluge

Former Information Commissioner speaks out on government databases and data...

oracle sun

War of words escalates between EU and Oracle

Commission comes out fighting after criticism from Oracle and Washington

Primary Navigation