Enterprise Mobility - eWeek




Google Scrambles to Patch Buffer Overrun Exploit in Android G1






Security expert Charlie Miller leverages a flaw within an SDK component of Google's open-source Android operating system. The buffer overrun flaw lets hackers hijack the Web browser on a user's T-Mobile G1 smart phone, which is Google's first big entry into the mobile and wireless game to deliver users mobile Web services. Miller bought a G1 early from a T-Mobile employee on eBay to test his exploit. Google said it is working with T-Mobile on delivering a fix to the device.

Android Flaw Is a Buffer Overrun

The G1, which sells for $179, is designed to compete with Apple's iPhone for this holiday season.

The smart phone's success is being watched by industry experts closely tracking the growth of the Android platform, on which hang Google's plans for mobile search and advertising dominance.

The flaw, known in security circles as a buffer overrun, exists in one of the 80 open-source components of the Android SDK, which was released nearly a year ago, Miller said.

Normally, the exploit he created would enable him to access a lot, but he said Google has designed Android to make sure "it's not the end of the game if you do that." For example, Miller said he can't read a user's e-mail or dial the phone.

To keep technical details of the exploit hush-hush, Miller declined to say which of the components in the SDK he discovered the flaw in, though he said it exists in an older version of the open-source component.

For some reason, he said, Google used a dated version of the component that has the flaw. "They used the old, vulnerable version. Whether they knew that or not, I don't know."

So how did Miller, who regularly looks for such flaws, find the bug? That is a story in itself.

The analyst said he downloaded the Android SDK, which has an emulator to simulate what will be on an actual Android-based device. He wrote an exploit for the emulator, though he couldn't be sure whether it would work on the G1.

But Miller wasn't a T-Mobile customer, so he couldn't preorder the G1. To get his hands on the gadget, Miller searched on eBay and found a T-Mobile employee who was selling his G1.

He bought it and was able to get the gadget a week before the Oct. 22 release date. He found the flaw and reported it to Google Oct. 20, two days before the G1 release date.

"Thanks to the power of eBay, I had it like five days before anybody else," Miller said.



 
 
>>> More Enterprise Mobility Articles          >>> More By Clint Boulton
 
