First major security flaw in Android found in its browser

October 26, 2008

A team of security researchers that includes former NSA computer security specialist Charles A. Miller have found a flaw in the Android platform’s Webkit based web browser.

The security flaw would allow a malicious website to install an application within the browser that could do things such as monitor keyboard input for login IDs and passwords when the user visits other websites. Google was quick to point out that all applications in Android operate inside a security sandbox that keeps a breach in one app from providing access to other parts of the phone. As such, the browser flaw could not be used to directly tamper with another part of the smartphone.

Even so, who out there would want a cyber criminal to get the login information to their online bill payment or other similar website?

Google has said that it has already patched the security hole in the open source version of Android and that it is working with HTC and T-Mobile to get an over the air (OTA) update for current G1 users soon.

[via NY Times]

Comments