T-Mobile G1 Rooted 246
An anonymous reader writes "T-Mobile's G1 phone, the first commercially available Android based phone, has been rooted. The exploit is extremely simple to execute, just requiring you to run telnetd from a terminal on the phone, and then connecting to the phone via telnet."
Bad Idea (Score:4, Insightful)
Wait...so.... (Score:4, Insightful)
This is like saying... (Score:5, Insightful)
This is like saying something is "bricked" when it's just a bad firmware flash that can be fixed.
The phone isn't rooted. Rooted means someone gained root access through an exploit and/or installed a root kit. Running telnetd and then connecting as root is a normal method of logging in, no exploits required.
Or are they saying every UNIX system that has a method of remote access is rooted?
They left Telnetd on it? (Score:4, Insightful)
What???
Telnetd is one of those things that should just be deleted from every system that it is on.
Just use SSH, folks.
Re:Rooted? (Score:4, Insightful)
News Flash
Houses are rootable. If you unlock your doors and hang out a 'rob me' sign, people can break in.
Re:Rooted? (Score:5, Insightful)
The much better question is: why is there a telnetd on the phone in the first place?
Re:Coral to the rescue (Score:4, Insightful)
I've never understood why so many web programmers insist on parsing E-mail addresses; very few are capable of doing it correctly. I usually use splab+someidentification@mydomain.tld - this way I can track where I submitted the address they got - but since programmers insist on parsing the E-mail address they almost always consider + to be invalid.
Just send the person a confirmation E-mail and Bob's your uncle.
Re:Rooted? (Score:4, Insightful)
To be fair though, lots of people /are/ stupid enough to fall for this kind of thing... consider how well that "I love you" worm or whatever it was did a few years back.
With the right method, I'm sure you could con people into doing something silly with an official-sounding text message, and then exploit it.
Re:I haven't followed the whole Android business, (Score:5, Insightful)
What's next, "open"?
Re:Rooted? (Score:4, Insightful)
If the door's unlocked, it's hardly "breaking in," is it?
Re:Rooted? (Score:5, Insightful)
Because telnetd has some tiny fraction of the system overhead of ssh daemons, even "tiny" ones.
Whole lot of stupid going on in these replies .. (Score:5, Insightful)
The point of this exploit isn't so you can remotely hack other people's phones, it's so mobile hackers can get to a lower level than Android permits users to do, which will allow them to flash the phone with unsigned custom updates and whatnot and customise their phone more.
People should really read the articles and smarten up.
Re:Coral to the rescue (Score:1, Insightful)
And that's why there are things called Prepared Statements, where you pass in the values as parameters rather than as part of the SQL string.
Anyone not using them should not be working with databases. Why reimplement your own quoting function, or use a platform-provided quoting function, when there is this sane method to do things!
However there is no need to verify email addresses are valid beyond asking for the user to verify their email address (far more reliable for catching mistypes than running a regex on a single field) in the form.
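An added example, not part of the comment above or of any code from the thread: it stores plus-tagged addresses through a bound parameter, shows the string-concatenated insert failing on a legal apostrophe, and accepts an address only after a mailed token comes back. The `subscribers` table, the function names and the sample addresses are assumptions made up for the illustration.

```python
import hmac
import secrets
import sqlite3

# Constructed sample addresses. "+" and "'" are both legal in the local part,
# and both trip naive validators or hand-built SQL strings.
SAMPLES = ["splab+shopname@mydomain.tld", "o'brien+news@mydomain.tld"]


def make_db():
    """In-memory database with a hypothetical subscribers table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE subscribers ("
        "email TEXT PRIMARY KEY, token TEXT, confirmed INTEGER DEFAULT 0)"
    )
    return db


def add_concatenated(db, email):
    """The 'before' form: the value is spliced into the SQL text.
    Returns True if the row was stored, False if the statement broke."""
    try:
        db.execute(
            "INSERT INTO subscribers (email, token) VALUES ('" + email + "', 'x')"
        )
        return True
    except sqlite3.Error:
        return False


def add_prepared(db, email):
    """The address is bound as a parameter and never parsed as SQL.
    Returns the confirmation token that would be mailed to the address."""
    token = secrets.token_urlsafe(16)
    db.execute("INSERT INTO subscribers (email, token) VALUES (?, ?)", (email, token))
    return token


def confirm(db, email, token):
    """Mark the address confirmed only if the mailed token matches."""
    row = db.execute(
        "SELECT token FROM subscribers WHERE email = ?", (email,)
    ).fetchone()
    if row is None or not hmac.compare_digest(row[0], token):
        return False
    db.execute("UPDATE subscribers SET confirmed = 1 WHERE email = ?", (email,))
    return True
```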
Re:I haven't followed the whole Android business, (Score:4, Insightful)
Don't forget "bricked".
Bricked used to mean you took the piece of equipment out to the firing range for its final trouble "shooting".
Now it means you just press the reset button.
Re:Rooted? (Score:4, Insightful)
The BEST ringtones!
The FUNNIEST jokes!
REAL horoscopes tailored for YOU!
Sports! Fashion! Celebrity gossip! Keno numbers!
Just text FAIL to 37528!
Sign up now and get a free spinning rim background!
SPECIAL BONUS for G1 owners!
After texting FAIL to 37528, open up telnet to receive your mystery gift!
Text FAIL to 37528, TODAY!