Bug In Android Passes Keystrokes To Root Shell 205
pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"
Open source, remember? fix already out (Score:5, Informative)
Degradation (Score:2, Informative)
This coming from Google? That surprises (and scares) me. I don't know how something like that would get through a QA process unless the QA process was rushed ... oh no, please don't become like almost every other software company out there Google! :-/
Re:False (Score:5, Informative)
I restarted my phone manually, and tried this on a fresh boot. My phone did immediately restart. Yikes.
Re:This is simply mind-boggling. (Score:5, Informative)
Read this:
http://android.jim.sh/index.php/ConsoleShell [android.jim.sh]
Looks like debugging code left behind...
Re:This is simply mind-boggling. (Score:4, Informative)
Re:This is simply mind-boggling. (Score:5, Informative)
Re:Degradation (Score:2, Informative)
Re:This is simply mind-boggling. (Score:5, Informative)
The latest OTA update is RC30, which patches the issue (I confirmed this on my G1).
Re:This is simply mind-boggling. (Score:4, Informative)
You mean defused until you type Control-z, Control-d or Control-c, right?
Nope. I really do mean from then on. Read the various write-ups to understand why.
And for bonus points, see if you can find your phone's "control" key.
Re:Nah it'll never work (Score:3, Informative)
I have linux installed on a compact flash card, and it sees itself as residing on hda because it is connected via adapter to an ide socket. It might be seen as sda if it were connected to a SATA connection.
No physical ide (or SATA) drive needed. There might easily be interface emulation to ease the porting of the OS to solid state devices.