Well, that certainly didn’t take very long now did it?
From NY Times:
Charles A. Miller, notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Mr. Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.
Tricking a user into surfing an infected site? Nevah.
The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
I guess we can safely say that, yes, that would be unpleasant.
UPDATE: Well, I posted this just yesterday and now it appears that there are serious problems with T-Mobile’s G1 mobile email service. They are actively working to address the issue.
[tags]Google, Android, Google Android, T-Mobile[/tags]