A veteran security researcher has found a security hole in the T-Mobile G1 phone, which runs Google’s Android software. Charlie Miller of Independent Security Evaluators in Baltimore told the New York Times that he was able to redirect the G1’s web browser to a malicious web site.

Miller was able to hack the G1 just a few days after it started selling to big crowds on Tuesday night and Wednesday morning. Miller notified Google of the flaw this week and said he was publicizing it to warn smartphone users of the vulnerability.

The attack follows a familiar tactic for Miller, who has received a lot of press before because he was able to hack Apple’s Leopard operating system, the MacBook Air, and the iPhone. In each case, he was either the first one to crack the systems or partnered with someone who did. He was, for instance, able to hack the iPhone because it used the same vulnerable Safari web browser as the Macintosh computers. In that case, there was a known vulnerability but Apple didn’t include the fix for it in the iPhone. In another case, Miller and his fellow security researcher Dino Dai Zovi were able to hack Second Life because it depended on the vulnerable QuickTime movie player made by Apple.



The vulnerability of the G1, which is made by HTC, is disturbing in part because many companies hope to make phones based on Google’s Android software.

Google told the New York Times that it was aware of the problem but the security features of the phone would limit the extent of damage that hackers could do. This approach of “sandboxing” an application means that each one is isolated from the others. It’s necessary because just about anyone can upload a software application to Google’s Android Marketplace where users can download the apps to phones.

Miller’s trick allows someone to install software that can capture keystrokes on the phone, allowing the hacker to capture passwords typed into the phone. That’s a big problem because you can use the phone to access your email or other password-protected sites. Miller has not revealed the exact technical details from the hack, but hackers are likely to figure out what to do in the coming days. Google doesn’t have long to fix the problem.

Google naturally complained that Miller didn’t give them enough time to come up with a fix before going public with the flaw. But Miller’s attitude has always been that if he can hack a system, others can do the same thing quietly and users are vulnerable in the meantime. Miller isn’t a so-called “black hat” hacker who breaks into systems for criminal purposes; he’s a security hacker and his company, Independent Security Evaluators, is frequently hired to do penetration research, or stage mock attacks to test the security of systems.