Forum Moderators: goodroi
Security expert Charlie Miller leverages a flaw within an SDK component of Google's open-source Android operating system. The buffer overrun flaw lets hackers hijack the Web browser on a user's T-Mobile G1 smart phone, which is Google's first big entry into the mobile and wireless game to deliver users mobile Web services. Miller bought a G1 early from a T-Mobile employee on eBay to test his exploit. Google said it is working with T-Mobile on delivering a fix to the device.
According to one website, Charlie Miller (who discovered the exploit) has a Phd. in Mathematics from Notre Dame, worked for the NSA for 5 years as a "global network exploitation analyst" and is possibly one of the top (white hat) hackers around.
My point: I don't think average script kiddie is going to find and use the exploit before it gets patched... besides, they'd need to target a particular G1 user and be all set to take over their browser.
I guess if you own a G1, and are in Panera Bread and some nefarious looking geek is paying too much attention to what you're doing and at the same time is typeing away on his laptop, you should be more careful about what you browse. (The report says the exploit can't take over control of the G1 device, access email, the phone dialer or other apps -- its a totally browser based exploit).
I like the idea of Android.. imagine if Microsoft CE was loaded on every phone on the planet, (except the small percent who go with Apple/iPhone/AT&T)... we'd have a duplication of the desktop OS dominance issues we have with MS and PC's.
Found the info here: [blogs.zdnet.com ]
