A flaw in the multimedia code behind Android's web browser - PacketVideo's OpenCORE - opens a big security hole in the platform.
Google's Android platform may be getting its first taste of the big time following reports of a chilling security vulnerability in the mobile OS.
According to a report over on ReadWriteWeb, the ShmooCon hacker conference held in Washington D.C. this weekend saw security researcher Charlie Miller present his findings on a worrying security vulnerability in the open-source, Linux-based operating system developed by Google.
According to Miller, the vulnerability is a severe one: left unchecked, it allows an attacker to access data stored on the phone by the browser, and to sneak a peek at ongoing web traffic, even when it is SSL-encrypted.
The flaw is in code contributed by US-based PacketVideo, whose OpenCORE multimedia framework forms the basis of the Android browser's media playback capabilities. Because of insufficient boundary checking when OpenCORE decodes an MP3 file, a crafted file can corrupt the process's heap and execute arbitrary code on the device.
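The "insufficient boundary checking" pattern described above, in a constructed example added here for illustration (it is not OpenCORE's or PacketVideo's code, and the three-byte frame header it parses is invented for the example rather than real MPEG audio framing): the unchecked decoder validates the length field against the input buffer, so it never over-reads the file, but it never compares that attacker-controlled length against the fixed-size heap buffer it copies into. That single missing comparison is what lets a crafted file write past the buffer and corrupt the heap; the hardened version adds the destination check and rejects oversized frames.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of "insufficient boundary checking" in a media
 * decoder. The frame layout is invented for this example and is NOT the
 * MPEG audio format, and none of this is OpenCORE's code: two sync bytes
 * (0xFF, then a byte with its top three bits set), a one-byte payload
 * length, then the payload. */

#define OUT_CAP 64   /* capacity chosen for the example, not a real decoder's */

struct decoder {
    uint8_t  out[OUT_CAP]; /* fixed-size scratch buffer for decoded data */
    uint32_t frames;       /* adjacent heap data: the first thing an overflow clobbers */
};

/* Validate sync and length field against the INPUT only.
 * Returns the payload length, or -1 if the frame is malformed or truncated. */
static int frame_payload_len(const uint8_t *buf, size_t len)
{
    if (len < 3 || buf[0] != 0xFF || (buf[1] & 0xE0) != 0xE0)
        return -1;
    size_t payload = buf[2];
    if (payload > len - 3)          /* stops an over-read of the input ... */
        return -1;
    return (int)payload;
}

/* Vulnerable: the length field comes from the file, so it is attacker
 * controlled, and only the source side was checked. A payload larger than
 * OUT_CAP writes past d->out on the heap. Returns bytes copied or -1. */
int decode_frame_unchecked(struct decoder *d, const uint8_t *buf, size_t len)
{
    int payload = frame_payload_len(buf, len);
    if (payload < 0)
        return -1;
    memcpy(d->out, buf + 3, (size_t)payload); /* BUG: no check against OUT_CAP */
    d->frames++;
    return payload;
}

/* Hardened: also bound the copy by the DESTINATION capacity.
 * Returns bytes copied, -1 if malformed, -2 if the frame is oversized. */
int decode_frame_checked(struct decoder *d, const uint8_t *buf, size_t len)
{
    int payload = frame_payload_len(buf, len);
    if (payload < 0)
        return -1;
    if ((size_t)payload > OUT_CAP)  /* reject rather than trust the file */
        return -2;
    memcpy(d->out, buf + 3, (size_t)payload);
    d->frames++;
    return payload;
}

/* Build one frame of the constructed format; out must hold n + 3 bytes. */
size_t make_frame(uint8_t *out, uint8_t n, uint8_t fill)
{
    out[0] = 0xFF;
    out[1] = 0xFB;
    out[2] = n;
    memset(out + 3, fill, n);
    return (size_t)n + 3;
}

/* Feed a single frame with an n-byte payload (optionally truncated to
 * truncate_to bytes; 0 means no truncation) to the hardened decoder on a
 * fresh heap-allocated state and return its result. */
int checked_result(uint8_t n, size_t truncate_to)
{
    uint8_t frame[3 + 255];
    struct decoder *d = calloc(1, sizeof *d);
    if (d == NULL)
        return -3;
    size_t len = make_frame(frame, n, 0x41);
    if (truncate_to != 0 && truncate_to < len)
        len = truncate_to;
    int r = decode_frame_checked(d, frame, len);
    free(d);
    return r;
}

int main(void)
{
    printf("32-byte payload:            %d\n", checked_result(32, 0));   /* 32 */
    printf("64-byte payload (== cap):   %d\n", checked_result(64, 0));   /* 64 */
    printf("200-byte payload (> cap):   %d\n", checked_result(200, 0));  /* -2 */
    printf("32-byte payload cut to 10:  %d\n", checked_result(32, 10));  /* -1 */
    /* decode_frame_unchecked() on the 200-byte frame would copy 136 bytes
     * past d->out, clobbering d->frames and whatever follows on the heap. */
    return 0;
}
```

The point to take from it is that the vulnerable decoder is not careless everywhere: it checks the sync word and refuses truncated input, so a quick review might pass it. The bug is a check on the wrong side of the copy. When auditing a decoder for this class of flaw, follow every length that originates in the file to the `memcpy`, loop or array index it feeds, and confirm it is bounded by the destination, not just by the remaining input.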
Miller is keen to point out that this means "game over" from a security perspective, and recommends that owners of the G1 handset – and any other device based around the Android platform – "avoid using the browser until a patch is released" if they value their data.
Interestingly, the problem has already been solved – at least, on PacketVideo's end. The company contributed a fix for the issue to the Android code base last week – but Google has yet to push the fix out to users. Without the fix, handsets are still at risk – although there's no evidence of malicious files in the wild as yet.
So far, Google has yet to comment on the matter, except to point people towards the oCERT advisory on the vulnerability, which contains links to the fixed code. No timescale for when end-users might see the issue resolved has been provided.
Are any Android users concerned about such a big hole in their browser's security, or is Miller making a mountain out of a molehill? Is Google taking its eye off the ball when it comes to security in the products it releases? Share your thoughts over in the forums.