Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Bug In Android Passes Keystrokes To Root Shell

Posted by Soulskill on Sat Nov 08, 2008 01:18 PM
from the watch-what-you-type dept.
Bug Cellphones
pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"
+ -
story

Related Stories

Submission: Bug in Android passes keystrokes to root shell by pasokon (829164)
[+] Hardware: Debian Running On the T-Mobile G1 127 comments
chrb writes "Following hot on the heels of the G1 root exploit, Jay Freeman now has Debian ARM running on the G1. The RC30 update has fixed the root hole, but with utilities and images already available to replace the flash image with your own signed code, it looks like the manufacturer-hacker arms race is on."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Bug In Android Passes Keystrokes To Root Shell 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • This is simply mind-boggling. (Score:5, Insightful)

    by jcr (53032) <jcr@@@mac...com> on Saturday November 08 2008, @01:22PM (#25688597) Journal

    I can't imagine how or why anyone could accidentally pipe all user input through a root shell. This is one for the WTF of the decade.

    -jcr

  • Scary (Score:5, Funny)

    by Anonymous Coward on Saturday November 08 2008, @01:24PM (#25688617)

    Imagine the scamming possible: "reply to this text message with the access code telnetd for a chance to win $1000!"

  • Confluence (Score:5, Funny)

    by RomSteady (533144) on Saturday November 08 2008, @01:25PM (#25688621) Homepage Journal

    Suddenly, the memory-and-keystroke-saving command names of the past combine with the keystroke-saving text-speak of the present to create the nightmarish user interaction bugs of the future.

    • Re:Confluence (Score:5, Funny)

      by Anpheus (908711) on Saturday November 08 2008, @02:00PM (#25688829)

      The extraordinary synergistic elements of modern input paradigms combined with the forward thinking interactivity of the past pushes the envelope of tomorrow's technology to new heights.

  • reboot (Score:4, Funny)

    by Anonymous Coward on Saturday November 08 2008, @01:25PM (#25688623)

    doesn't wo

  • Open source, remember? fix already out (Score:5, Informative)

    by dnwq (910646) on Saturday November 08 2008, @01:28PM (#25688651)
    From TFA:

    If you see anything later than RC29 then you already have the fix.

    Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging.

    • Re:Open source, remember? fix already out (Score:5, Insightful)

      by Halborr (1373599) <Halborr&gmail,com> on Saturday November 08 2008, @01:56PM (#25688801)
      Ah, the beauty of FOSS.

      • Re:Open source, remember? fix already out (Score:5, Interesting)

        by Khyber (864651) <khyberkitsune@gmail.com> on Saturday November 08 2008, @02:23PM (#25688987) Journal

        Bingo - You won't see this sort of turnaround time for a fix for the iPhone.

        and this is why FOSS is a champion to me - the community fixes the issue and everyone else can check the fix to make sure it's not malicious.

        And this is why all gov't entities in the USA should use FOSS. The people/community as a whole can do a better job of keeping the government secure than corporations can.

    • Re: (Score:3, Insightful)

      by fermion (181285)
      Unless the G1 is a hackers toy, the fact that software is OSS and the bug is fixed in the source makes no difference. The code should have been written well in the first place. Google cannot apply it's philosophy of infinite Beta programs, bad code hotfixed on the fly, and minimal emphasis of data retention because the G1 is a consumer device, not a server on the google network. These phones are not on the google networks, and not low risk items like Google Earth. In many cases phones are not toys and c

      • Re: (Score:3, Insightful)

        by topham (32406)

        I am a programmer and I am entirely and absolutely dumb-struck by this revelation.

        That is absolutely the most asinine debug method I have ever head and I am seriously wondering if it was an intentional backdoor.
        Never, Ever send random commands to a shell. Hell, we are talking a unix base, there are hundreds, of not thousands of 2 and 3 letter functions which do 'something' and a significant number of them are not harmless. I realize the phone is not likely to have all of them, but it will have a number of t

          • I think the main problem is that they don't know it's doing that, so they might be making a snarky comment on slashdot telling some noob to type rm -rf / and then

      • Re: (Score:3, Interesting)

        by harry666t (1062422)
        I have actually managed to use a Linux system without an attached monitor, just a keyboard. I've been writing commands blindly and using "foo && python -c 'print chr(7)'" and alike to get some feedback through PC speaker. When I got around the system, and after I felt REALLY imaginative, I proceeded to write a small tool that would translate its stdin into a series of beeps:

        python -c 'sys,time=__import__("sys"),__import__("time"); time.sleep(3); beepn = lambda x: [(sys.stdout.write(chr(7)), sys.stdo

          • Re: (Score:3, Interesting)

            by harry666t (1062422)
            Either Morse code (as others have suggested), or a custom protocol (if you think you can invent a better one and learn to use it efficiently, but to warn you: Morse is already optimized to use simplest sequences for most common letters, and is well-known). If you don't like Morse, or intend to output other things besides 26 letters and 10 digits: being a musician would help a bit if you intend to use varying frequencies (I have heard that professional musicians can tell if it's 440 or 442 khz, but I screw '

  • Life under the thumb of cellular phone companies.. (Score:5, Interesting)

    by Rahga (13479) on Saturday November 08 2008, @01:28PM (#25688653) Homepage Journal

    Are we really that messed up as a society?

    If I type "Reboot" and the device actually reboots, doesn't that mean it's working?

  • A Conversation (Score:5, Funny)

    by atomicthumbs (824207) <(atomicthumbs) (at) (gmail.com)> on Saturday November 08 2008, @01:29PM (#25688657) Homepage

    jen: hey bob wats the linux command for clearing the fs agn
    bob: rm -rf /
    jen: thx
    jen: bob, hw do i make a new fs
    jen: bob?

  • Seriously Google... (Score:4, Interesting)

    by yttrstein (891553) on Saturday November 08 2008, @01:36PM (#25688699) Homepage
    That's some amateur shit to have made it beyond beta 1. What the hell are your programmers doing all day?

    I'm starting to get a little suspicious, to be frank. You've existed for many, many moons, Google...you have over 20,000 employees. You have computing capacity that's normally limited to that of small countries. Shouldn't you be a little further along by now?

    • Re: (Score:3, Interesting)

      by Ilgaz (86384)

      I have read the headline as "Android allows remote root access" and was like "Not a big surprise" immediately.

      Ordinary people, not just techies got way paranoid about Google and such bugs only serves to validate them.

      People modding you as troll should understand what Android is supposed to race with. Damn secure, stable, 200 million installed Symbian which is soon to be open source and Windows Mobile by the mafioso style company Microsoft which gets huge support from their Windows desktop dominance. Lets no

  • Scary (Score:4, Interesting)

    by flawd1 (1402891) on Saturday November 08 2008, @02:03PM (#25688853)
    I'm on firmware 1.0 and TC4-RC29 and it works. That's kind of scary... Especially because I SSH'd into a friend's server and wrote out rm -rf / ... just to be funny ... I didn't hit enter of course but if I did...

  • I must be tired (Score:3, Funny)

    by Normal Dan (1053064) on Saturday November 08 2008, @02:40PM (#25689083)
    Am I the only one who at first though we found a bug in an asteroid passing earth, implying life in space, then something about a sea shell and a root to some plant? And all of this being some key to something, not sure what... Hmmm... I think I need more sleep.

    • I'm beginning to suspect it could be intentional for free advertising at this point.

      Only if they're advertising iPhones or BlackBerrys.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.