Android Security Team On Android Updates And Fixes

The Google Android Security Team has begun to release details of the two recent updates to the Android platform. Updates RC 29 and RC 30 are being rolled out to T-Mobile G1 owners over the coming weeks in an effort to fix a number of bugs and exploits in the operating system and its software.

Rich Cannings of the Android Security Team has revealed that the RC 29 update not only fixed the well-documented browser vulnerability but also fixed two other vulnerabilities in the software.

These fixes included a universal cross-site scripting problem that could give an attacker control of the browser, and an exploit that could let someone bypass Android’s locking mechanism by booting the phone into safe mode.

RC 30, which has been deployed more recently, fixes the ‘text input system command issue’, where inputted text is executed as Linux commands with the highest-level privileges.

The problem was that Google had failed to remove a feature that let programmers execute commands with a remote device, but when the device wasn’t detected, the phone ran the input from the G1’s keyboard.

“We tried really hard to secure Android. This is definitely a big bug,” he said. “The reason why we consider it a large security issue is because root access on the device breaks our application sandbox.”

“The barrier is very high to exploit this… It requires a challenger to exploit users,” he said. “For example, an attacker might have to convince a user to install a game with keyboard movement commands that typed out ‘telnetd’ to launch the phone’s telnet application to open the phone up to remote control.”

The RC 30 update also fixes two other problems in WebKit. The first is a buffer overrun issue relating to JavaScript style sheets where an attacker could use malicious website code to gain control of the browser.

The second issue has the potential to let people read what’s in the G1’s memory, gaining access to website cookies and thereby gaining online privileges. “If you’re logged into a bank at that time, [an attacker] could steal your banking cookies,” Cannings said.