First Android phone already vulnerable to attacks

Less than a week after the release of Google’s T-Mobile G1 smart phone, security experts detected a serious security flaw in its Android operating system that leaves it wide open for hackers to launch drive-by attacks on users’ devices.The security vulnerability, detected by researchers at Baltimore, Maryland-based Independent Security Evaluators, follows last week’s release of Google’s T-Mobile G1 phone Oct. 22, which is powered by the Android operating system. Researchers at ISE posted an advisory warning users of the potential security threat that would allow their mobile devices to be compromised or exposed if they visited a malicious Web page.
“These phones will currently ship with the vulnerability present and may pose a security risk to their users until and update becomes available,” said Miller in his posting. According to the advisory, Google Android relies on more than 80 different open source packages. And the security error stems from a buffer overflow vulnerability in some of the older, more vulnerable versions of the open source software. Subsequently, an unsuspecting user could be successfully exploited simply by accessing an infected Web page using with a vulnerable operating system, experts say. Once a user in infected, attackers could then obtain access to any personal information accessible from the victim’s browser — including cookies, information entered into Web application and saved passwords — in order to steal a bank account numbers, Social Security information and other sensitive data.