If you’re planning to bring a new smartphone to market anytime soon, you might want to check with the guys at Independent Security Evaluators first. For the second time in about 15 months, ISE researchers have discovered a security flaw in the operating system of a high-profile smartphone; this time it’s a vulnerability in the G1, also known as the Google phone. Charlie Miller, a well-known security researcher, hacker and principal security analyst at ISE, discovered that in putting together the operating system for the G1, known as Android, Google used some older open-source software that had known flaws, and those flaws carried over into Android itself. From Miller’s description of the problem:
A user of an Android phone who uses the Web browser to surf the internet may be exploited if they visit a malicious page. Upon visiting the malicious site, the attacker can run any code they wish with the privileges of the Web browser application. We have a very reliable exploit for this issue for demonstration purposes. This exploit will not be released until a fix is available.
The Android security architecture is very well constructed and the impact of this attack is somewhat limited by it. A successful attacker will have access to any information the browser may use, such as cookies used for accessing sites, information put into Web application form fields, saved passwords, etc. They may also change the way the browser works, tricking the user into entering sensitive information. However, they cannot control other, unrelated aspects of the phone, such as dialing the phone directly. This is in contrast, for example, with Apple’s iPhone, which does not have this application sandboxing feature and allows access to all features available to the user when compromised.
Miller and other ISE researchers last year found one of the first security problems with the iPhone, a flaw that enabled attackers to compromise the phones using a malicious Web page. The attack allowed an attacker to read the victim’s SMS messages, address book, call log and other stored data.
Google is aware of the problem with the G1 and is working on a fix.