Google Scrambles to Patch Buffer Overrun Exploit in Android G1
Mobile
SHARE
Facebook X Pinterest WhatsApp

Google Scrambles to Patch Buffer Overrun Exploit in Android G1

Written By
Clint Boulton
Clint Boulton
Oct 27, 2008
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The T-Mobile G1 smart phone has not even been on the market for one week, but a security expert has already found a significant flaw in the Google Android software that fuels it.

The vulnerability, first reported in The New York Times, allows a hacker to hijack a Web browser on a G1 gadget. A user with malicious intent could capture users’ user names and passwords for accessing Web sites, such as bank accounts, online retail sites and online auctions.

“I can basically do anything the Web browser has permission to do,” said Charlie Miller, principal analyst at Independent Security Evaluators, who wrote an exploit for the flaw based on the Android SDK (software developer kit) Google released to open source. “I can read text messages, read their cookies, see their passwords, watch them surf the Web and watch what they type.”

If he wanted to, he could also surf the Web on a user’s G1 from his own computer, and make a user think they are going to a banking site when they’re really going to his site.

Miller told Google about the flaw Oct. 20, two days before the G1 launched in T-Mobile stores and to customers. Miller said Google didn’t want him to tell anyone else about the flaw until there was a fix available, but he said that could take months from now because they have to get T-Mobile involved, among other steps in the process.

“It seems to me, if I’m going to shell out $200 for this thing, I have the right to know if there is a problem,” Miller said. “I’m sure they’re going as fast as they can, but people have a right to know there is a problem. If you think there is no problem, then you are going to act one way with your phone, but if you know there is a problem that’s not fixed yet, maybe you’ll be a little more careful.”

Google is indeed hard at work on a fix. Google said:

“We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform. We treat all security matters seriously and will carefully work with our partners to investigate and update devices periodically to reduce our users’ exposure.”
Clint Boulton
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information