Bug In Android Passes Keystrokes To Root Shell
pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"
Re:Life under the thumb of cellular phone companie (Score:5, Insightful)
Not when it reboots as a result of you including the reboot command into, to pick a random example, the text of a comment that you are posting to Slashdot.
Nah it'll never work (Score:3, Insightful)
shred won't be installed.
cat /dev/urandom > /dev/hda is far more likely to work.
HTH
Re:Open source, remember? fix already out (Score:5, Insightful)
Re:True (Score:3, Insightful)
Re:This is simply mind-boggling. (Score:5, Insightful)
I can perfectly well imagine someone purposely piping all the user input to root shell for easy debug and development, then forgetting to disable it in the release version.
Re:Life under the thumb of cellular phone companie (Score:3, Insightful)
If that was the iPhone, Slashdot users would be going ballistic right now - and rightly so.
Re:This is simply mind-boggling. (Score:2, Insightful)
A better way would be to require holding down e.g. "c" during boot to enable it. Automatically sending ALL keystrokes to the console is a bad idea, even for debugging.
Re:Open source, remember? fix already out (Score:3, Insightful)
I am a programmer and I am entirely and absolutely dumb-struck by this revelation.
That is absolutely the most asinine debug method I have ever heard and I am seriously wondering if it was an intentional backdoor.
Never, ever send random commands to a shell. Hell, we are talking a Unix base, there are hundreds, if not thousands of 2 and 3 letter functions which do 'something' and a significant number of them are not harmless. I realize the phone is not likely to have all of them, but it will have a number of them. 'rm' being a good example.
Re:Open source, remember? fix already out (Score:3, Insightful)
Re:Confluence (Score:1, Insightful)
I don't know what you're selling, but I'd like to buy it.
Yours,
The manager
Re:Open source, remember? fix already out (Score:3, Insightful)
The real question is how quickly can Google or T-Mobile get the fixed code into a patch, and how easy it is for the user to install. Currently it appears to be a multistep process that is not accessible to the average user. Ideally, since the phone is not locked into any service other than T-Mobile, it would seem reasonable that T-Mobile would have the responsibility to send the update over the cell network to all users. Until this happens, the phone is not fixed. It appears that they intend to do this, but not until the middle of next week. Therefore, that is when the bug will be fixed. Whether the open source nature of the bug made this update quicker is a question open for debate.
Re:Open source, remember? fix already out (Score:1, Insightful)
... you probably won't see this sort of bug in the iPhone to begin with.