Archive for the ‘Android’ tag
Smartphone Security
As if worrying about security on your computer wasn’t enough, your smartphone is increasingly becoming a significant target.
Besides the standard virus and worm attacks via email attachments, one recent attack used the phone’s bluetooth capabilities to spread between other nearby bluetooth-enabled devices.
Research indicates that a significant amount of the problem is that, while many users know to be careful on their home computer, many people feel their phone is more immune to security threats. Not so. The article’s suggestion – “treat your smartphone like a computer, not a telephone.”
Unfortunately, there are many people who don’t treat their home computer security properly, much less their smartphone security. People need to continue to be educated about internet security. If you’re going to fall for a phishing attack on your home computer, you’re probably going to fall for anything on your smartphone. Awareness is key.
News article: http://www.cnn.com/2009/TECH/10/25/smartphone.security/index.html
Hacker finds a security hole in the Google Android software on the T-Mobile G1
A veteran security researcher has found a security hole in the T-Mobile G1 phone, which runs Google’s Android software. Charlie Miller of Independent Security Evaluators in Baltimore told the New York Times that he was able to redirect the G1’s web browser to a malicious web site.
The vulnerability of the G1, which is made by HTC, is disturbing in part because many companies hope to make phones based on Google’s Android software. Android consists of more than 80 different open-source software components. The vulnerability is there because Google didn’t use the most up-to-date versions of each component.
Google told the New York Times that it was aware of the problem but the security features of the phone would limit the extent of damage that hackers could do. This approach of “sandboxing” an application means that each one is isolated from the others. It’s necessary because just about anyone can upload a software application to Google’s Android Marketplace where users can download the apps to phones.
The vulnerability also allows someone to install software that can capture keystrokes on the phone, allowing the hacker to capture passwords typed into the phone.
http://venturebeat.com/2008/10/25/hacker-finds-a-security-hole-in-the-google-phone/
Basically Google seems to be unhappy about this hacker because he didn’t give them enough time to come up with a fix before going public with the flaw. I think people had better wait for the patch for this vulnerability before go and buy a G1