Feeds

PacketVideo opens doorway to Android

Google fans told to down browsers for the duration

Secure remote control for conventional and virtual desktops

G1 owners have been warned to stop browsing immediately or risk exposing themselves to the worst of the internet, after researchers found a flaw in PacketVideo's runtime for Android.

The flaw was presented by security researcher Charlie Miller at the recent Schmoocon conference, as reported by ReadWriteWeb, and details are available at oCERT. Given the exploit allows arbitrary code execution, provided within a specially-crafted MP3 file, the security implications are serious - but not as serious as they could be thanks to Android's layered security model.

Not that the complexity of the exploit, or the robust security model, have prevented Miller from recommending that G1 users stop browsing entirely, or at least limit themselves to only visiting trusted sites using the T-Mobile network (avoiding the potential for DNS-spoofing, assuming T-Mobile's DNS' are secure).

ReadWriteWeb contacted Mocana's James Blaisdell for a second opinion, and got the same advice, though it's worth noting that James is CTO of a company that supplies security software for Android.

Google seems less concerned. Indeed the company has had a fix knocking around in its source tree since Monday this week, but T-Mobile hasn't got round to pushing it out to Android users yet.

Even if the flaw was successfully exploited, no mean feat in itself, the attacker would only have access to the browse at best, and more-likely would be restricted to the media player.

That's not to say that the flaw shouldn't be fixed, or that Charlie Miller doesn't deserve our respect for identifying the bug, but calling on Android users to stop browsing is little more than showboating and we'll continue to browse the web on out G1 for the moment, while we wait for a proper mobile-phone security issue to come up.®

5 things you didn’t know about cloud backup

More from The Register

next story
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
Trans-Pacific: Google spaffs cash on FAST undersea packet-flinging
One of 6 backers for new 60 Tbps cable to hook US to Japan
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.