Feeds

PacketVideo opens doorway to Android

Google fans told to down browsers for the duration

Providing a secure and efficient Helpdesk

G1 owners have been warned to stop browsing immediately or risk exposing themselves to the worst of the internet, after researchers found a flaw in PacketVideo's runtime for Android.

The flaw was presented by security researcher Charlie Miller at the recent Schmoocon conference, as reported by ReadWriteWeb, and details are available at oCERT. Given the exploit allows arbitrary code execution, provided within a specially-crafted MP3 file, the security implications are serious - but not as serious as they could be thanks to Android's layered security model.

Not that the complexity of the exploit, or the robust security model, have prevented Miller from recommending that G1 users stop browsing entirely, or at least limit themselves to only visiting trusted sites using the T-Mobile network (avoiding the potential for DNS-spoofing, assuming T-Mobile's DNS' are secure).

ReadWriteWeb contacted Mocana's James Blaisdell for a second opinion, and got the same advice, though it's worth noting that James is CTO of a company that supplies security software for Android.

Google seems less concerned. Indeed the company has had a fix knocking around in its source tree since Monday this week, but T-Mobile hasn't got round to pushing it out to Android users yet.

Even if the flaw was successfully exploited, no mean feat in itself, the attacker would only have access to the browse at best, and more-likely would be restricted to the media player.

That's not to say that the flaw shouldn't be fixed, or that Charlie Miller doesn't deserve our respect for identifying the bug, but calling on Android users to stop browsing is little more than showboating and we'll continue to browse the web on out G1 for the moment, while we wait for a proper mobile-phone security issue to come up.®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.