Exploitable Backhole Accidentally Left In Some MediaTek-based Phones

Lirodon writes: MediaTek has confirmed findings by security researcher Justin Case, who discovered that some devices running Android KitKat on MediaTek processors (often used in lower-cost devices) had a debug function, meant to be removed on production devices, accidentally left in by their manufacturer. This hole could be used to trivially gain root access, among other possibilities.

Backhole?

[Anonymous Coward]

Did you mean backdoor? Black hole?

Re: Backhole?

[Anonymous Coward]

The LHC must be involved...

Re:

[Anonymous Coward]

Did you mean backdoor? Black hole?

Oh god, this one's going to bring the goatse out.

Re:

[Anonymous Coward]

Blame GOD, he has put an exploitable backhole into all humans.

Re:

[Mr D from 63]

or Black Door?

Re:

[__aaclcg7560]

Uranus

Re:

[Dragonslicer]

I'm glad they finally changed the planet's name in order to end that stupid joke once and for all.

Re:

[RockDoctor]

When did they do that?

And the joke has only worked amongst people with no knowledge of Greek. No - not "Greek" in the sense of participating in anal sex (like "English" or "French"), but Greek in the sense of reading or writing at least some of the language.

Re:

[Dragonslicer]

When did they do that?

In 2620.

Re:

[arth1]

Tried clicking through to see what they meant... but the linked story is about something completely different.

You tried to RTFA? You must be new here.

Re:

[quenda]

I thought they meant something far more dangerous - the backhoe. The ultimate denial-of-service tool.
Remember a few years ago some woman in Georgia took a whole country off the internet?

http://it.slashdot.org/story/0... [slashdot.org]
http://www.theguardian.com/wor... [theguardian.com]

Re:

[Daniel Matthews]

I think he was thinking "boyishly", http://www.wolframalpha.com/in... [wolframalpha.com]

If you know what I mean....

Re:

[EEPROMS]

a blackhole is very similar to a backdoor just there is more gravity to fix it.

Uh huh. An "accident".

[Anonymous Coward]

"Accidentally" at the behest of a nation-state actor. The only real accident was it being discovered. Just like the backdoors in Screen OS, etc.

Backhole?

[ltcraben]

It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor): http://androidcommunity.com/se... [androidcommunity.com]

Re:

[parkinglot777]

Not only terrible editing, the link itself in TFA is about something else (something about television recoding technology)...

Re:

[Pseudonymous Powers]

It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor):

Probably whoever came up with "backhole" didn't want to use "backdoor" because they felt that, since doors aren't naturally occurring, describing this security vulnerability as a "door" means that it must have been put there intentionally. Whereas, in fact (as near as I can tell), this vulnerability is due to a software error, albeit seemingly an failure of release management rather than programming per se. Thus, "hole" instead of "door".

That said, I'd like to leave our distinguished editor Timothy with t

Re:

[blazer1024]

My opinion is, if a hole suddenly occurred in the back side of your house/apartment, and people started using it as a way in or out, it would actually make sense to call it the backdoor instead of the backhole. Also, backhole sounds dirty.

Backhole? Are the editors even trying?

[Anonymous Coward]

Backhole?

Are you kidding me?
Are the editors even trying?

Re:

[Anonymous Coward]

I kind of like Backhole better. Better represents the feeling you get when someone uses it against you.

Re:

[EmeraldBot]

Backhole?

Are you kidding me? Are the editors even trying?

I thought it was a brilliant improvisation, much more accurate how the whole relationship works. Maybe then our general population will finally care if we call them backholes, eh?

Re:

[AmiMoJo]

Trying to start a meme perhaps.

Re:

[arth1]

Are the editors even trying?

Are the editors even plural?

Re:

[Dragonslicer]

Are the editors even plural?

Well, in English, "zero" usually uses the plural form for nouns and verbs.

Nice system

[jones_supa]

Quite professional Japanese video production setup they have in that link. *sips coffee*

Re:

[ArchieBunker]

Near as I can tell it has something to do with 8K video. Glad to see the new owners keeping up the tradition of not checking any submissions for spelling/grammar/content/errors.

Re:

[gstoddart]

LOL, I let Chrome translate it for me, and I got this:

From the date of the ultra-popular program "Emi-ten" of Nippon TV.
But Korakuen Hall of the day, it had been wrapped in from usual little different atmosphere.
Mumu~tsu, number of cameras is 3 units often! It big also strangely in Takeshi bone!
Profusely many people! It is not a even if field technician you look, it's bossy It's beautiful.

Which tells me letting Chrome translate stuff from Japanese is a terrible idea.

Re:

[ArchieBunker]

Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

Re:Nice system

[Gr8Apes]

Because they haven't progressed to contextual translation yet, which includes phrases and grammar structure translation. Any multi-lingual person will be able to tell you that they do not translate word for word, they need the full phrase or more to go from language a to b, especially if those languages have varying grammatical structures and rules governing things like adverb and adjective placement. Also note that phrases like "top of the morning to you" should be translated to an appropriate (morning) greeting and not some nonsensical word for word replacement scheme.

Re:

[EmeraldBot]

Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

Because asian languages don't map well to English to begin with. Japanese at least uses far fewer words with very many potential meanings, and it's great for humans since we know the context. But if I told you to turn "cloud go here strength west", you'd struggle quite a bit to not add extra detail the author never said and still make a fluid sentence. Magnify by that a hundred fold because a machine doesn't even have basic intuition, and I'm actually suprised by how it sort results in somewhst readahle se

Re:

[gstoddart]

English and German are even in the same family linguistically speaking

In some ways yes, but apparently in some ways no.

Years ago a friend was taking German classes, and apparently it has subject/verb stuff which can be at the end of sentences.

So one example of how it fell apart was a place in which the speaker went on for a long time, and the translator just stopped ... because without knowing what was at the end of the long-winded sentence it was impossible know what to say next. It was a lot of stuff whi

Re:

[Anonymous Coward]

That being said, I'm surprised by the poor quality of German. English and German are even in the same family linguistically speaking...

They might be in the same language family, but that is because they have the same primary root language. In the case of English, there was the initial celtic language, similar to Welsh, that would have had some parts assimilated into the versions of Saxon & Angle that merged into the pre-Norman tongue. Then there were the Normans, speaking French, a derivative of Latin with some input from ancient Gaulish, another celtic language. They also influenced the development of English, both it's lexicon and pr

Re:

[AmiMoJo]

I posted that link in a story about the first 8k studio recordings of TV shows. I have no idea how it got into this story. I hope they still post my 8k story though, even if TFA is in Japanese.

Yeah, machine translation sucks.

Backhole?

[duke_cheetah2003]

Makes it sound like the device has an anus! I don't want that in my pocket!

No way!

[truck_soccer]

An exploitable back hole?! Why don't we start sending probes into it and find out where it goes?

ATTN: BIZX OVERLORDS

[slashdice]

I figure you guys have no idea what slashdot is about. Let me give you a brief history:

2.5 million B.C.: OOG the Open Source Caveman develops the axe and releases it under the GPL. The axe quickly gains popularity as a means of crushing moderators' heads.

100,000 B.C.: Man domesticates the AIBO.

10,000 B.C.: Civilization begins when early farmers first learn to cultivate hot grits.

3000 B.C.: Sumerians develop a primitive cuneiform perl script.

2920 B.C.: A legendary flood sweeps Slashdot, filling up a Borland / Inprise story with hundreds of offtopic posts.

1750 B.C.: Hammurabi, a Mesopotamian king, codifies the first EULA.

490 B.C.: Greek city-states unite to defeat the Persians. ESR triumphantly proclaims that the Greeks "get it".

399 B.C.: Socrates is convicted of impiety. Despite the efforts of freesocrates.com, he is forced to kill himself by drinking hemlock.

336 B.C.: Fat-Time Charlie becomes King of Macedonia and conquers Persia.

4 B.C.: Following the Star (as in hot young actress) of Bethelem, wise men travel from far away to troll for baby Jesus.

A.D. 476: The Roman Empire BSODs.

A.D. 610: The Glorious MEEPT!! founds Islam after receiving a revelation from God. Following his disappearance from Slashdot in 632, a succession dispute results in the emergence of two troll factions: the Pythonni and the Perliites.

A.D. 800: Charlemagne conquers nearly all of Germany, only to be acquired by andover.net.

A.D. 874: Linus the Red discovers Iceland.

A.D. 1000: The epic of the Beowulf Cluster is written down. It is the first English epic poem.

A.D. 1095: Pope Bruce II calls for a crusade against the Turks when it is revealed they are violating the GPL. Later investigation reveals that Pope Bruce II had not yet contacted the Turks before calling for the crusade.

A.D. 1215: Bowing to pressure to open-source the British government, King John signs the Magna Carta, limiting the British monarchy's power. ESR triumphantly proclaims that the British monarchy "gets it".

A.D. 1348: The ILOVEYOU virus kills over half the population of Europe. (The other half was not using Outlook.)

A.D. 1420: Johann Gutenberg invents the printing press. He is immediately sued by monks claiming that the technology will promote the copying of hand-transcribed books, thus violating the church's intellectual property.

A.D. 1429: Natalie Portman of Arc gathers an army of Slashdot trolls to do battle with the moderators. She is eventually tried as a heretic and stoned (as in petrified).

A.D. 1478: The Catholic Church partners with doubleclick.net to launch the Spanish Inquisition.

A.D. 1492: Christopher Columbus arrives in what he believes to be "India", but which RMS informs him is actually "GNU/India".

A.D. 1508-12: Michaelengelo attempts to paint the Sistine Chapel ceiling with ASCII art, only to have his plan thwarted by the "Lameness Filter."

A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).

A.D. 1553: "Bloody" Mary ascends the throne of England and begins an infamous crusade against Protestants. ESR eats his words.

A.D. 1588: The "IF I EVER MEET YOU, I WILL KICK YOUR ASS" guy meets the Spanish Armada.

A.D. 1603: Tokugawa Ieyasu unites the feuding pancake-eating ninjas of Japan.

A.D. 1611: Mattel adds Galileo Galilei to its CyberPatrol block list for proposing that the Earth revolves around the sun.

A.D. 1688: In the so-called "Glorious Revolution", King James II is bloodlessly forced out of power and flees to France. ESR again triumphantly proclaims that the British monarchy "gets it".

A.D. 1692: Anti-GIF hysteria in the New World comes to a head in the infamous "Salem GIF Trials", in which 20 alleged GIFs are burned at the stake. Later investigation reveals that mayn of the supposed GIFs were actually PNGs.

A.D. 1769: James Watt pate

Re:

[DeathSquid]

When will people learn their history correctly? Armstrong's actual words were "FRIST MOONWALK!!!".

Re:

[Anonymous Coward]

Fascism never makes sense. If just seems like a good idea to unskilled members of the majority culture and race who feel entitled to a free ride at the expense of others. If something only appeals to disgruntled losers, who could not learn and keep up with civilization, it does not make sense.

What kind of parents.....

[wkwilley2]

Justin Case, we should patch it anyway.

It's an alias

[Andy Dodd]

I know the guy. Justin Case is NOT his real name. (I don't know what it is, I remember seeing him acknowledged by his real name once but I forget what it is, but I do know that it's not his real name - but many people think it is.)

Re:

[wkwilley2]

That's believable.

I actually know a family, last name Case. (unrelated)

And the mother of this family sometimes jokingly states that she almost named her son Justin.

Re:

[Tablizer]

Being Monday, I made the same reading mistake at first, thinking, "Wow, hackers got some powerful tools. Darth Vader would be proud."

To get to the gist of it

[jones_supa]

What devices are affected?

Is this something actually dangerous, or something that only a security researcher can exploit in theoretical conditions?

Re:

[jones_supa]

Yeah, but couldn't an userspace app also use it to gain root access and do weird shit?

Justin Case?

[BronsCon]

Really? Justin Case? If that's not a clearly fake name, I don't know what is. And a link to a completely unrelated non-english article? Whoever the hell submitted this spam should never be allowed to submit again and whoever posted it should be fired.

Re:

[BronsCon]

Here's a hint, while you're getting all defensive: The article linked has nothing to do with any backdoor in anything. If you'd given it a quick click you'd have seen that and not bothered replying.

Justin Case?

[Locke2005]

Please tell me "Justin Case" is a pseudonym and not someone's real name!

Backhole or Backhoe?

[Idarubicin]

I have to admit that when I first read the headline, my mind processed it as

Exploitable Backhoe Accidentally...

I figured that some nitwit had decided that large construction machinery needed to be part of the Internet of Things, and that the expected outcome had come to pass.

Re:

[KGIII]

I actually had to read it twice. I was really confused.