Slashdot Mirror


T-Mobile G1 Rooted

An anonymous reader writes "T-Mobile's G1 phone, the first commercially available Android based phone, has been rooted. The exploit is extremely simple to execute, just requiring you to run telnetd from a terminal on the phone, and then connecting to the phone via telnet."

246 comments

  1. Re:Really? by Anonymous Coward · · Score: 3, Funny

    I claim this first root post for Spain!

  2. Story? by chill · · Score: 0

    Apparently, so has the server. Or was this story a trick to get us to stress test the new Apache on Android app?

    --
    Learning HOW to think is more important than learning WHAT to think.
  3. Rooted? by earthcreed · · Score: 5, Funny

    This just in, all machines that you have root access on rooted! If you have access to run telnetd you already have root.

    1. Re:Rooted? by Anonymous Coward · · Score: 2, Informative

      -- unless it's setuid, of course.

    2. Re:Rooted? by Sparr0 · · Score: 1

      *whoosh*
      people other than the person running telnetd can gain root access to the device.

    3. Re:Rooted? by Deadplant · · Score: 5, Funny

      in related news, researchers have discovered that if you open a root console on any flavour of linux and stick the keyboard out a window anyone walking by will be able to gain root access to your machine.

    4. Re:Rooted? by deniable · · Score: 3, Insightful

      More importantly, if you have physical access to the console, all bets are off.

      News Flash

      Houses are rootable. If you unlock your doors and hang out a 'rob me' sign, people can break in.

    5. Re:Rooted? by deniable · · Score: 4, Insightful

      Well, yeah. You did run telnet for them. Why else would you run it? Hasn't it been on the list of don't run services for years now?

      The much better question is: why is there a telnetd on the phone in the first place?

    6. Re:Rooted? by neowolf · · Score: 4, Funny

      Agreed. Non-story. This is just stupid.

      Excuse me sir... I would like to hack into your phone. Could you please type this in for me...

    7. Re:Rooted? by Olix · · Score: 3, Insightful

      To be fair though, lots of people /are/ stupid enough to fall for this kind of thing... consider how well that "I love you" worm or whatever it was did a few years back.

      With the right method, I'm sure you could con people into doing something silly with an Official-sounding text message, and then exploit it.

    8. Re:Rooted? by Pope · · Score: 3, Insightful

      If the door's unlocked, it's hardly "breaking in," is it?

      --
      It doesn't mean much now, it's built for the future.
    9. Re:Rooted? by Sparr0 · · Score: 4, Insightful

      Because telnetd has some tiny fraction of the system overhead of ssh daemons, even "tiny" ones.

    10. Re:Rooted? by Koiu+Lpoi · · Score: 4, Funny

      I would honestly bet that a house with a rob me sign would not be robbed. Most burglars would feel it's some kind of trick.

    11. Re:Rooted? by Anonymous Coward · · Score: 4, Funny

      That reminds me of the van owner that put up a sign saying 'No tools or valuables inside'

      The next morning it had been broken into and the thieves had left a note saying 'Just checking'

    12. Re:Rooted? by kgkeys · · Score: 1

      If the door's unlocked, it's hardly "breaking in," is it?

      Then it's entering. Of course I've always wondered why it's "Breaking AND Entering" instead of "Breaking or Entering" except of course if you DO indeed break, then you would ALSO enter, so I guess it should be "Breaking and/or Entering"

    13. Re:Rooted? by Anonymous Coward · · Score: 4, Informative

      And it also works in the other way... you can put your already rooted equipment into any window, and anybody inside that house will be able to gain root access, and also call the police

    14. Re:Rooted? by paeanblack · · Score: 5, Informative

      If the door's unlocked, it's hardly "breaking in," is it?

      Yes it is.

      The "Breaking" part of "Breaking & Entering" refers to breaking the plane of entry, not physically damaging anything.

      "Breaking" is not actually a separate action from "Entering". The reason they are used together is for clarity...one word derives from Old English, and the other word derives from French. Writing laws this way was useful when the Normans and Saxons were trying to cohabitate on the same island.

      There are many legal terms constructed the same way:
      Null and void
      Cease and desist
      Last Will and Testament
      Aid and Abet
      Goods and Chattels
      Terms and Conditions
      etc.

    15. Re:Rooted? by kgkeys · · Score: 1

      Well, that explains that... Thanks.

    16. Re:Rooted? by Smauler · · Score: 4, Informative

      Erm.... Breaking and entering is exactly what it says. Just entering is called trespassing, and just breaking is called criminal damage. Don't ask me how I know :).

    17. Re:Rooted? by haystor · · Score: 5, Funny

      Clearly, we should avoid using windows.

      --
      t
    18. Re:Rooted? by Anonymous Coward · · Score: 0

      Ah, so that's what they mean with ``world writable''.

    19. Re:Rooted? by Anonymous Coward · · Score: 1, Funny

      Not a problem. I live in a tower block....

      Oh, damn you spiderman!

    20. Re:Rooted? by SnowZero · · Score: 5, Funny

      Null and void

      These are very different things, at least if you are a C programmer.

    21. Re:Rooted? by pete_norm · · Score: 5, Funny

      How do you know?

    22. Re:Rooted? by lysergic.acid · · Score: 4, Funny

      i dunno. tech support operators have a hard enough time walking the average person through how to run ipconfig on their windows PCs. trying to get the average person to open a terminal in Linux to run anything would be like trying to walk a cow down a flight of stairs.

    23. Re:Rooted? by thompson.ash · · Score: 1

      Worth a quick giggle though.

      --
      I didn't say it was your fault, I said I was going blame you for it!
    24. Re:Rooted? by MikeDirnt69 · · Score: 0, Offtopic

      Clearly, we should avoid using windows.

      UP!

      --
      Am I eval()? - http://www.monst3r.com.br
    25. Re:Rooted? by dogdick · · Score: 0

      This is the internets, you don't need a source

    26. Re:Rooted? by sexconker · · Score: 3, Insightful

      The BEST ringtones!
      The FUNNIEST jokes!
      REAL horoscopes tailored for YOU!

      Sports! Fashion! Celebrity gossip! Keno numbers!

      Just text FAIL to 37528!

      Sign up now and get a free spinning rim background!

      SPECIAL BONUS for G1 owners!
      After texting FAIL to 37528, open up telnet to receive your mystery gift!

      Text FAIL to 37528, TODAY!

    27. Re:Rooted? by Anonymous Coward · · Score: 4, Funny

      No. Needs citation and permanent link to reputable source. We will then run it past the legal department and conduct a full analysis of all facts and observations and, upon filing the requisite forms, of course, only then will we consider your suggestion of "humor". Please allow the standard six to eight weeks for the laugh.

    28. Re:Rooted? by el+americano · · Score: 1

      "refers to breaking the plane of entry"

      No it doesn't. It meant breaking your way in, just like it sounds. The application of the laws later changed to any forcible entry and finally to even using just the force required to open an unlocked door. Isn't it great how judges can change our laws without rewriting them?! In some states the laws *have* been changed to call any trespass of an enclosed property "breaking and entering". I guess they liked the name. It's kinda cool.

      "Breaking the plane" is an explanation after the fact. I think everyone here knows that that is not breaking anything. Next you'll try to tell me that breaking wind and entering is sufficient. It depends on your state, I guess.

      --
      Those are my principles. If you don't like them I have others. -Groucho Marx
    29. Re:Rooted? by Anonymous Coward · · Score: 0

      Well, entering is called trespassing when it's a civil offense; it's breaking and entering when it's a criminal offense. paeanblack has it right.

    30. Re:Rooted? by MikeDirnt69 · · Score: 0, Offtopic

      How can a 'UP!' be offtopic?

      --
      Am I eval()? - http://www.monst3r.com.br
    31. Re:Rooted? by Anonymous Coward · · Score: 1, Informative

      Message received: To get the latest pron video on you phone place phone on the floor and step firmly with your heel on to the display.

      OMG phone destroyed by virus!

    32. Re:Rooted? by jmorris42 · · Score: 2, Informative

      > Agreed. Non-story. This is just stupid.

      Guess you didn't actually read the material. This shouldn't work but somehow a privilege escalation is allowing a non-root user to invoke telnetd and then to connect from outside and actually get a root shell. So the owner of the hardware is able to break into T-Mobile's software. Oh the horror!

      So far it is more likely to simply get patched instead of developing into a full jailbreak but stay tuned. The camel's nose has entered the tent, it just might be able to get all the way in.

      --
      Democrat delenda est
    33. Re:Rooted? by gv250 · · Score: 2, Informative

      Well, entering is called trespassing when it's a civil offense; it's breaking and entering when it's a criminal offense. paeanblack has it right.

      Not in Illinois. 720 ILCS 5/21-3 says, in relevant part:

      Sec. 21-3. Criminal trespass to real property. (a) ... whoever: (1) knowingly and without lawful authority enters or remains within or on a building ... commits a Class B misdemeanor.

    34. Re:Rooted? by Pogue+Mahone · · Score: 1

      Your right, dammit. Should be "NULL && void*".

      --
      Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
    35. Re:Rooted? by Speare · · Score: 4, Funny

      Your right, dammit. Should be "NULL && void*".

      Wow, that's two languages in which you've completely failed. In less than sixty characters.

      --
      [ .sig file not found ]
    36. Re:Rooted? by fprintf · · Score: 0

      This is not digg? Where you choose or recommend which topic responses get moderated up or down?

      I tend to moderate all requests for moderators to "do their job" down every time I see them. I often use "Overrated" since it will not be subject to metamoderation.

      --
      This post brought to you by your friendly neighborhood MBA.
    37. Re:Rooted? by Anonymous Coward · · Score: 0

      that's a good one.

    38. Re:Rooted? by An+ominous+Cow+art · · Score: 1

      If you want to run telnetd on a port less than 1024, anyway...

    39. Re:Rooted? by An+ominous+Cow+art · · Score: 0, Offtopic

      Mod parent UP!

      But seriously, I sometimes do the same thing when I moderate. If the comment includes additional text I'll moderate based on that, though.

    40. Re:Rooted? by MikeDirnt69 · · Score: 0, Offtopic

      Ok, but "Overrated" is way different from "Offtopic".

      Next time I'll type the entire "Mod parent UP!" like our An ominous Cow art friend did with your post, so I can avoid Mod Nazis.

      --
      Am I eval()? - http://www.monst3r.com.br
    41. Re:Rooted? by Pogue+Mahone · · Score: 0, Offtopic

      The C was intentionally wrong. Sorry about the English though - brain not working properly tonight.

      --
      Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
    42. Re:Rooted? by ivucica · · Score: 1

      And if we ever do, we must make sure to shut them afterwards.

    43. Re:Rooted? by Anonymous Coward · · Score: 0

      Thanks for pointing this out, though you may think this is nothing.

    44. Re:Rooted? by xgr3gx · · Score: 1

      Perhaps for all us hackers to get at a console screen, but then why not use SSH?

      --
      Shameless plug alert: Game server control panel
    45. Re:Rooted? by smoker2 · · Score: 1

      trying to get the average person to open a terminal in Linux to run anything would be like trying to walk a cow down a flight of stairs.

      How delightfully rural !

    46. Re:Rooted? by elgatozorbas · · Score: 1

      if you open a root console on any flavour of linux and stick the keyboard out a window anyone walking by will be able to gain root access to your machine.

      So windows insecurity is a threat, even to linux machines?

    47. Re:Rooted? by Anonymous Coward · · Score: 0

      A "me too!" post that adds nothing to the conversation should be moderated redundant so that people browsing at 1 don't have to see it. Moderators SHOULD browse at -1 and should be able to decide for themselves how to mod something.

    48. Re:Rooted? by horza · · Score: 1

      Reminds me of the Derren Brown episode where he puts a wallet full of money down in the middle of a busy London shopping street and draws a chalk circle around it. He then shows a time-lapse video as hundreds of people walk around it but nobody attempts to pick it up.

      Phillip.

    49. Re:Rooted? by kitgerrits · · Score: 1

      Windows:
      [Windows]=[R]
      [c][m][d][Enter]
      [i][p][c][o][n][f][i][g][Enter]

      *nix:
      [ALT]-[F2]
      [x][t][e][r][m][Enter]
      [/][s][b][i][n][/][i][f][c][o][n][f][i][g][Enter]
      That's about as simple as I can make it.
      YMMV, depending on distro used.

      --
      "I was in love with a beautiful blonde once, dear. She drove me to drink. It's the one thing I am indebted to her for."
    50. Re:Rooted? by dontmakemethink · · Score: 1

      That reminds me of a great prank:

      Requirements:

      1. car
      2. kick-ass stereo
      3. power inverter
      4. DVD player
      5. movie with a good explosion, preferably involving a Death Star
      6. wallet stacked with fake cash

      Find a parking spot with a good place to hide nearby where you can still see the car within range of the remote control. You connect the DVD player to the stereo, position it where it can be remote controlled from outside, cue the movie to the explosion and pause it, crank the stereo. Place the wallet on the dashboard with the cash in plain view, leave the windows open, wait for a sucker to take a closer look.

      BOoOoOoOoOoOoOM!!!

      --

      War as we knew it was obsolete
      Nothing could beat complete denial
      - Emily Haines
    51. Re:Rooted? by lysergic.acid · · Score: 1

      sure, you and i can easily follow those directions even if we're not familiar with that particular OS, but you give the same straightforward directions to a lay person and they'll somehow end up unintentionally re-flashing their BIOS or strangling themselves with an rj45 cable.

      i mean, how many of us have tried to walk a family member through a simple procedure over the phone and have that family member wind up at a completely different and unrelated window?

    52. Re:Rooted? by BronsCon · · Score: 1

      don't

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    53. Re:Rooted? by kitgerrits · · Score: 1

      Actually, that's the way I used to tell the 60-year-old secretary how to SSH into the (Linux) server to re-set someone's password (she had 'sudo smbpasswd').
      This was usually done over the phone from the middle of b*mf*ck Nowhereland (usually on vacation)
      Keep in mind that the last thing she ever did on a commandline was on Novell 3.x.

      Then again, I've had someone run a post-hole digger through the company uplink in the parking lot.
      http://picasaweb.google.com/lh/photo/afiSSjbIudPphXsY9Y7W7A
      Straight through the cables, leaving a nice 6" gap.
      It sure was easy digging through that nice, soft ground there...
      That was a rather unplanned visit to a Home Depot at 4pm on a friday afternoon...

      --
      "I was in love with a beautiful blonde once, dear. She drove me to drink. It's the one thing I am indebted to her for."
    54. Re:Rooted? by fatphil · · Score: 1

      FTFA:

      $ ls -l /system/bin/telnetd
      -rwxr-xr-x root shell 9752 2008-09-13 01:13 telnetd

      See those last 3 characters in the perms? They say "you're wrong".

      Android misconfigured? I don't think so:

      OSX:
      $ ls -al /usr/libexec/telnetd
      -r-xr-xr-x 1 root wheel 53368 Sep 19 03:20 /usr/libexec/telnetd

      FreeBSD:
      ls -al /usr/libexec/telnetd
      -r-xr-xr-x 1 root wheel 78156 5 Mar 2004 /usr/libexec/telnetd

      SunOS:
      ls -al /usr/sbin/in.telnetd
      -r-xr-xr-x 1 root bin 28108 Mar 4 2003 /usr/sbin/in.telnetd

      Desktop Linux:
      Fucknose, haven't installed it. Wanna bet against it being 555?

      --
      Also FatPhil on SoylentNews, id 863
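The listings quoted in the comment above can be checked mechanically. This is an added example, not part of the original thread: it parses those `ls -l` lines and reports whether each telnetd binary is world-executable and whether its setuid bit is set. The names `parse_mode` and `audit` are this example's own.

```python
import re
import stat

# ls -l lines copied from the comment above. The Android line has no
# link-count column, so the owner is the second field there.
LISTINGS = {
    "Android": "-rwxr-xr-x root shell 9752 2008-09-13 01:13 telnetd",
    "OSX": "-r-xr-xr-x 1 root wheel 53368 Sep 19 03:20 /usr/libexec/telnetd",
    "FreeBSD": "-r-xr-xr-x 1 root wheel 78156 5 Mar 2004 /usr/libexec/telnetd",
    "SunOS": "-r-xr-xr-x 1 root bin 28108 Mar 4 2003 /usr/sbin/in.telnetd",
}

MODE_RE = re.compile(r"^[-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]$")


def parse_mode(perm):
    """Turn an ls mode string such as '-rwxr-xr-x' into permission bits."""
    perm = perm[:10]  # drop a trailing '+' or '@' (ACL / xattr marker)
    if not MODE_RE.match(perm):
        raise ValueError("not an ls mode string: %r" % perm)
    bits = 0
    special = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
    for i in range(3):  # 0 = owner, 1 = group, 2 = other
        r, w, x = perm[1 + 3 * i: 4 + 3 * i]
        shift = 3 * (2 - i)
        if r == "r":
            bits |= 4 << shift
        if w == "w":
            bits |= 2 << shift
        if x in "xst":    # lower case: the execute bit is set
            bits |= 1 << shift
        if x in "sStT":   # either case: setuid / setgid / sticky is set
            bits |= special[i]
    return bits


def audit(line):
    """Summarise one ls -l line: mode, owner, and whose uid the binary runs with."""
    fields = line.split()
    mode = parse_mode(fields[0])
    owner = fields[2] if fields[1].isdigit() else fields[1]
    setuid = bool(mode & stat.S_ISUID)
    return {
        "mode": oct(mode),
        "owner": owner,
        "world_exec": bool(mode & stat.S_IXOTH),
        "setuid": setuid,
        # Without the setuid bit the process keeps the uid of its launcher.
        "runs_as": owner if setuid else "caller's uid",
    }


if __name__ == "__main__":
    for system, line in LISTINGS.items():
        print(system, audit(line))
```

All four listings come out world-executable and not setuid, so the file mode by itself gives the daemon only the uid of whatever process starts it.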
    55. Re:Rooted? by ignavus · · Score: 1

      trying to get the average person to open a terminal in Linux to run anything would be like trying to walk a cow down a flight of stairs.

      Well how did the cow get up the stairs in the first place?

      (And don't tell me you keep cows in your basement).

      --
      I am anarch of all I survey.
    56. Re:Rooted? by profplump · · Score: 1

      Just "entering" is generally not a crime -- to be criminal it typically requires knowledge that your presence is unlawful. And when it is a crime it's called "criminal trespass", at least 'round these parts.

    57. Re:Rooted? by ncc74656 · · Score: 2, Informative

      Because telnetd has some tiny fraction of the system overhead of ssh daemons, even "tiny" ones.

      CPU usage for an SSH daemon during an interactive session, while it probably is higher than a telnet daemon, is still low enough (0.005% instead of 0.001%, perhaps?) that it'll most likely get lost in the noise. I have dropbear running on a WRT54GL, and it has no trouble keeping up. The trivial CPU usage is worth the added security. It might crunch a bit more during session setup when it's using public-key encryption to set things up, but IIRC everything else gets shared-key encryption (which imposes much less of a load).

      --
      20 January 2017: the End of an Error.
    58. Re:Rooted? by Anonymous Coward · · Score: 0

      This is scary because it gives any random program the ability to get root access. All the app has to do is start telnetd then telnet into the phone. From there it can do whatever it likes.
      Full disclosure: I am the one who wrote pTerminal that is used in this hack.

    59. Re:Rooted? by Captain+DaFt · · Score: 1

      Believe it or not, this is one of the classic pranks.
      (Earliest written account dates to ancient Rome, but I'd bet the Sumerians pulled it off too!)
      It seems that a cow will readily climb up a steep slope, such as a flight of stairs, but will refuse to climb down.
      (Don't ask me why, I don't know, I'd say ask a cow, but "MOO" doesn't explain a lot.)

      --
      The U.S. really needs an English to Wisdom dictionary.
  4. I haven't followed the whole Android business, but by Loibisch · · Score: 5, Funny

    ...wasn't this supposed to be an open platform anyway? I don't quite get it.

  5. Coral to the rescue by MightyYar · · Score: 3, Interesting

    Coral Cache

    On a side note... a hyphenated domain name! How retro...

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    1. Re:Coral to the rescue by Philosinfinity · · Score: 3, Funny

      It could be worse... I chose a domain name with a double hyphen... aleph--null.com Whenever a web form states that my email address is invalid, i realize my folly just a bit more.

    2. Re:Coral to the rescue by Splab · · Score: 3, Insightful

      I've never understood why so many web programmers insist on parsing E-mail addresses, very few are capable of doing it correctly. I usually use splab+someidentification@mydomain.tld - this way I can track where I submitted the address they got - but since programmers insist on parsing the E-mail address they almost always consider + to be invalid.

      Just send the person a confirmation E-mail and Bob's your uncle.

    3. Re:Coral to the rescue by cavtroop · · Score: 0

      Input validation is your friend. Without it, things like

      ''; DROP TABLE *

      could be possible.

    4. Re:Coral to the rescue by ZERO1ZERO · · Score: 1

      T-mobile itself has a hyphenated domain name... : http://www.t-mobile.co.uk/ what's the deal about domain name hyphenation being considered retro?

    5. Re:Coral to the rescue by onefriedrice · · Score: 1

      You can sanitize the input field without parsing the email.

      --
      This author takes full ownership and responsibility for the unpopular opinions outlined above.
    6. Re:Coral to the rescue by Anonymous Coward · · Score: 0

      Unless you want your users to be able to execute SQL from a form, input validation is the wrong solution for the problem.

    7. Re:Coral to the rescue by juiceboxfan · · Score: 1

      Input validation is your friend. Without it, things like
      ''; DROP TABLE *
      could be possible.

      So, there is no way to keep an arbitrary string from being interpreted as a command?
      Sounds like a problem with the app.
      Blocking strings at the input level would leave little Bobby Tables without an education.

    8. Re:Coral to the rescue by Anonymous Coward · · Score: 1, Insightful

      And that's why there are things called Prepared Statements, where you pass in the values as parameters rather than as part of the SQL string.

      Anyone not using them should not be working with databases. Why reimplement your own quoting function, or use a platform-provided quoting function, when there is this sane method to do things!

      However there is no need to verify email addresses are valid beyond asking for the user to verify their email address (far more reliable for catching mistypes than running a regex on a single field) in the form.

    9. Re:Coral to the rescue by deroby · · Score: 1

      ... and shouldn't be a problem

      --
      If there is one thing to be learned on slashdot, it has to be sarcasm.
    10. Re:Coral to the rescue by MightyYar · · Score: 1

      I didn't mean nuthin' by it, honest! :)

      I think you come across far fewer hyphens these days... I think people are comfortable just stringing words together, and so that has emerged as the de-facto standard. myspace, youtube, facebook, etc. A quick look at the alexa top 100 shows only one hyphen in the whole bunch.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    11. Re:Coral to the rescue by GXTi · · Score: 3, Informative

      I don't understand why placeholder arguments aren't used 100% of the time a string is placed into a SQL query. It's completely baffling. Were that the case, SQL injection attacks would be totally infeasible, excepting even dumber TheDailyWTF-grade scenarios like having clients send SQL to the server. I suspect that PHP doesn't have them (or makes them harder to use), which would explain why it's such a horrible language.

      As for validating emails, check that there's at least one @ and that the part after the final @ has at least one dot in it, and you're good to go. No regular expressions required!
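The placeholder approach and the loose address check described in the comments above, as an added example that is not part of the original thread. It uses Python's `sqlite3` module; the table name, function names and the two constructed sample addresses are assumptions made for illustration.

```python
import sqlite3

# Sample inputs. The first is the address style quoted earlier in the thread;
# the other two are constructed for this example.
PLUS_ADDR = "splab+someidentification@mydomain.tld"
APOSTROPHE_ADDR = "o'brien+news@example.com"                # legitimate, has a quote
HOSTILE_ADDR = "test+';drop table addresses@example.com"    # SQL-looking text


def plausible_email(addr):
    """Loose check from the comment: an '@', and a dot after the final '@'."""
    _local, at, domain = addr.rpartition("@")
    return bool(at) and "." in domain


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT)")
    return db


def store(db, email, use_placeholder):
    """Insert one address; return True if stored, False if the statement failed."""
    try:
        if use_placeholder:
            # The value travels separately from the SQL text, so quotes,
            # semicolons and '+' inside it are plain data.
            db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,))
        else:
            # 'Before' version: the value is spliced into the SQL text, so
            # any quote in it changes what the statement means.
            db.execute("INSERT INTO subscribers (email) VALUES ('" + email + "')")
    except (sqlite3.Error, sqlite3.Warning):
        return False
    return True


def stored(db):
    return [row[0] for row in db.execute("SELECT email FROM subscribers ORDER BY rowid")]


def demo():
    """Run every sample through both insert styles on separate databases."""
    results = {}
    for addr in (PLUS_ADDR, APOSTROPHE_ADDR, HOSTILE_ADDR):
        spliced_db, param_db = make_db(), make_db()
        results[addr] = {
            "passes_loose_check": plausible_email(addr),
            "spliced_ok": store(spliced_db, addr, use_placeholder=False),
            "placeholder_ok": store(param_db, addr, use_placeholder=True),
            "round_trip": stored(param_db) == [addr],
        }
    return results


if __name__ == "__main__":
    for addr, outcome in demo().items():
        print(repr(addr), outcome)
```

All three samples pass the loose format check, including the one containing SQL-looking text, which is why the check cannot stand in for placeholders; the spliced insert also fails outright on the legitimate address with an apostrophe.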

    12. Re:Coral to the rescue by Anonymous Coward · · Score: 0

      this@is.invalid is an invalid email address, as are any address with the TLD of test, example, and invalid. They are all reserved TLDs.

      Thank you, you may leave now.

    13. Re:Coral to the rescue by Kijori · · Score: 1

      You said it yourself - the problem is that they get it wrong, not that they do it. I use a regular expression that checks that it matches the RFC specification. A double hyphen passes, as does an address with a + in. I confirm the addresses afterward, the validation is just to check that they haven't done anything really stupid, like starting their street address in the "email address" field.

      Validation is mostly about helping the user - I can't tell if they've put an incorrect address/email address/name/whatever, but I can save them the hassle of having to redo the form if they make an obvious mistake.

    14. Re:Coral to the rescue by whoever57 · · Score: 1

      I've never understood why so many web programmers insist on parsing E-mail addresses, very few are capable of doing it correctly. I usually use splab+someidentification@mydomain.tld

      I ran across one website where the front end accepted my "me+domainname@mydomain" style email address, but the "+" in the email address broke the back end of the website. It never sent any confirmation emails, etc..

      --
      The real "Libtards" are the Libertarians!
    15. Re:Coral to the rescue by HTH+NE1 · · Score: 1

      My domain names have hyphens because the hyphenless versions were taken. I've only had one of them rejected (by Best Buy) just because the domain was too long for their form (only seventeen characters between the @ and dot-TLD).

      BTW: the alliteration of your signature would be improved if you replaced "is" with "was".

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    16. Re:Coral to the rescue by MightyYar · · Score: 1

      Not my sig to mangle... it comes from Dr. Seuss :)

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    17. Re:Coral to the rescue by GXTi · · Score: 1

      Then no public DNS server will answer for it, and the email will never be successfully sent, just as if you tried to send a mail to nobody@NonexistentSite.com. The TLD being reserved does not make the address poorly formed, and a non-standard DNS server could technically answer queries for such a name,

    18. Re:Coral to the rescue by pavon · · Score: 1

      Yeah, I did that for about a week when setting up my own mail server. When over half of the websites rejected the address, I reconfigured the mailserver to use '.' as the separator instead of '+'. I don't use periods in my email addresses anyway, and it saves the hassle on braindead webforms. Besides, the only reason that anyone ever uses a plus is for tracking, so I figured that any intelligent spammer knows about it and could easily strip out the identifier if they wanted, whereas there are a lot of people that use periods in their email addresses, so they can't sanitize that. Out of paranoia/curiosity, I have one address for my globbed emails (glob.source@example.com) and I never use the bare version of that email address, and a separate address (me@example.com) that I give out to real live people, just to see if the bare version will ever come back.

      Unfortunately, I didn't see any easy way to configure postfix to have more than one separator, which makes it hard to switch after the fact. I was lucky in that I had only given out the '+' address to a dozen websites, and remembered which ones they were.

    19. Re:Coral to the rescue by amorsen · · Score: 1

      so I figured that any intelligent spammer knows about it and could easily strip out the identifier if they wanted

      Spammers aren't interested in the last 5% who use countermeasures. Most of the spam my machine receives has a destination address of 2bslashdot or 2busenet at my domain. (Both addresses are non-existent, but I can see the attempts in my mail server's logs.) My real unobfuscated address is shown here on slashdot and in every Usenet/mailing list post I make, but I only receive a couple of spams a year to those addresses.

      It's funny that they turn + into 2b though, and I'm not sure why they drop the first part of the address. Maybe the percent sign confuses their parser. Actually I should try something like test+';drop table addresses

      --
      Finally! A year of moderation! Ready for 2019?
    20. Re:Coral to the rescue by Anonymous Coward · · Score: 0

      As for validating emails, check that there's at least one @ and that the part after the final @ has at least one dot in it, and you're good to go. No regular expressions required!

      Actually, there are valid email addresses without a dot after the final @. Just because you don't own a TLD doesn't mean that nobody will ever own a TLD in the future, particularly given that there are now plans to sell TLDs more widely.

    21. Re:Coral to the rescue by Anonymous Coward · · Score: 0

      And who is your aunt ?
      I hope that she and Bob are very happy.

  6. Bad Idea by TheAmit · · Score: 4, Insightful

    Waiting to see how many non-Linux types try this and get in trouble. It's not a good idea to change permissions on sh. All other apps you run on your phone and use sh are now running as root [:)] I would be very scared of this setup. Going to enjoy this

    1. Re:Bad Idea by Anonymous Coward · · Score: 0

      sudo fuck up my G1

    2. Re:Bad Idea by Philosinfinity · · Score: 2, Funny

      Obviously you've never seen this: http://www.garyshood.com/root/

    3. Re:Bad Idea by tsa · · Score: 1

      That's funny, especially the list of people who also run as root. I made a root account on my Macs, just for the reasons mentioned in that funny article. Typing sudo all the time drives me mad.

      --

      -- Cheers!

    4. Re:Bad Idea by Anonymous Coward · · Score: 0

      Have you ever tried "sudo -s" or "sudo -i" ? or "man sudo", for that matter?

    5. Re:Bad Idea by ColdWetDog · · Score: 1

      I made a root account on my Macs, just for the reasons mentioned in that funny article.

      Screw that, I just wiped OS X from my Mac Pro and installed XP.

      Take that, bitches!

      --
      Faster! Faster! Faster would be better!
    6. Re:Bad Idea by cloudmaster · · Score: 1

      I set root to use an empty password, too, because it drives me mad typing a password every time I log directly in as root to run a web browser.

    7. Re:Bad Idea by HTH+NE1 · · Score: 1

      Waiting to see how many non-Linux types try this and get in trouble.

      It would be very easy to get them into trouble by revealing the IP range inhabited by these phones and doing a scan for open telnet ports.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    8. Re:Bad Idea by GiMP · · Score: 1

      That is why there were a series of comments following the original post, indicating that you should copy sh and setuid that. It is still insecure, but a lesser of two evils.

    9. Re:Bad Idea by Anonymous Coward · · Score: 0

      Obviously you've never seen this: http://www.garyshood.com/root/

      Wow, that's the largest amounts of ads I have ever seen on a single page.

    10. Re:Bad Idea by jaminJay · · Score: 1

      That's funny, especially the list of people who also run as root.

      Thanks a lot! I just got Rick-rolled in text because of you!

      DISCLAIMER: Still picked it up when scrolling really fast... sad, sad man I am...

      --
      Leela: "Is all the work done by children?" Alien: "No, not the whipping."
  7. Wait...so.... by kcbanner · · Score: 3, Insightful

    The user...has to run telnetd...as root...how...how is this an exploit? Maybe it's more complex than this but the site is currently 503ing for me.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
    1. Re:Wait...so.... by MrMr · · Score: 3, Informative

      No it's not more complex. The curious bit is that telnetd appears to set uid=0 after login, which allows you to make a setuid root shell.

  8. hmnn? by Vexorian · · Score: 1

    I don't know much about android or phones or anything, how is this an exploit? I mean, it requires you to physically get to the phone and open a terminal...

    --

    Copyright infringement is "piracy" in the same way DRM is "consumer rape"
    1. Re:hmnn? by antifoidulus · · Score: 5, Funny

      Well, it's a problem if you are both security conscious AND stupid.... oh how I wish that was a much smaller intersection than it actually is....

    2. Re:hmnn? by H0p313ss · · Score: 1

      Well, it's a problem if you are both security conscious AND stupid.... oh how I wish that was a much smaller intersection than it actually is....

      Yes... but we're talking here about a level of stupidity that would preclude the incredibly small demographic that would be smart enough to start telnetd in the first place.

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    3. Re:hmnn? by denis-The-menace · · Score: 1

      You obviously haven't met our security people.
      They are quite qualified in the area of procedures.

      I think I saw this somewhere:
      "procedures are the last refuge of the incompetent."

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    4. Re:hmnn? by gEvil+(beta) · · Score: 1

      That's why I make sure I rarely have physical access to my phone. It keeps me safe.

      --
      This guy's the limit!
    5. Re:hmnn? by deniable · · Score: 1

      Maybe, but I've worked in places that needed *more* bureaucracy. Then again, one of those was the place where we had to upgrade the comms because the construction workers were wasting too many chargeable hours downloading their daily porn. Just one written 'No porn in the workplace' document would have been nice.

    6. Re:hmnn? by mr_mischief · · Score: 1

      I've found that the most powerful "no porn in the workplace" document is a letter of termination for creating an inappropriately uncomfortable or hostile work environment. Nobody who receives such a letter ever checks porn from the company's computers again, and most of their coworkers don't either.

    7. Re:hmnn? by deniable · · Score: 1

      Yes, but you need someone with the balls to issue such a document in the first place, hence my point.

  9. Re:I haven't followed the whole Android business, by Sparr0 · · Score: 1

    What don't you get? Someone ran a network service on an open platform, the service was buggy, the device got exploited (in theory, anyways).

  10. Android Touch by Anonymous Coward · · Score: 0

    Why can't they come out with a $100 android WITHOUT the phone capabilities? It would be a great and useful platform without having to switch your mobile provider.

    Apple has the touch, why can't Google do the same?

    1. Re:Android Touch by squiggleslash · · Score: 1

      You can install Android on the Nokia N800/N810, if you want. A phone-less G1 wouldn't be $100 BTW, as there'd be no reason for a phone company to subsidize it. An unsubsidized G1 is around the $400 mark, so you'd be looking at something closer to $300 for a phone-less G1.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:Android Touch by mrsteveman1 · · Score: 1

      Because the phone capabilities and the applications are all it has going for it right now, when it comes to things like video and music the G1 is nearly incompetent right now, and that seriously kneecaps its chances of competing with the ipod touch.

    3. Re:Android Touch by Anonymous Coward · · Score: 0

      It plays video no better and no worse than the iphone. The problem is it lacks the normal type of headphone jack but that isn't much of a problem either since there are ways around it. I like the G1 because of its keyboard. I can't live without a keyboard because as a lawyer I type crazy amounts of stuff on my phone. I wanted something cooler than a blackberry, but that something needed to have a keyboard so I picked the G1. I like it just fine though the t-mobile G3 is kinda touch and go at the moment.

    4. Re:Android Touch by csartanis · · Score: 1

      I'm guessing you've never actually used a G1.

  11. This is like saying... by NitroWolf · · Score: 4, Insightful

    This is like saying something is "bricked" when it's just a bad firmware flash that can be fixed.

    The phone isn't rooted. Rooted means someone gained root access through an exploit and/or installed a root kit. Running telnetd and then connecting as root is a normal method of logging in, no exploits required.

    Or are they saying every UNIX system that has a method of remote access is rooted?

    1. Re:This is like saying... by Anonymous Coward · · Score: 5, Funny

      Well, I found an exploit to alter the root password on Unix systems. It's really simple. You just login or su to root, then run the command 'passwd'. Works every time.

    2. Re:This is like saying... by omeomi · · Score: 4, Informative

      The phone isn't rooted. Rooted means someone gained root access through an exploit and/or installed a root kit. Running telnetd and then connecting as root is a normal method of logging in, no exploits required.

      Well, given that it's a device that isn't designed to be root-accessible by the user, this did require somebody to do something that the manufacturer didn't intend in order to gain root access.

    3. Re:This is like saying... by Anonymous Coward · · Score: 1, Informative

      Part of the exploit is that when *any* user logs in through telnet uid=0 is set. This allows any user to elevate to root privileges because the user's shell is set to the same uid as the telnet daemon (who is running as root)

    4. Re:This is like saying... by Zarf · · Score: 1

      This is like saying...

      ... if you can sudo to root then you have *rooted* the system!!!

      ... if you can drive a car then you have *rooted* the car!!!

      ... if you can turn a TV on and off then you have *rooted* the TV!!!

      ... if you can get people to reply to your stupid message on /. then you have *rooted* SLASHDOT!!! ... whee!!!

      --
      [signature]
    5. Re:This is like saying... by Anonymous Coward · · Score: 0

      Darn! Is not working for me... is asking for a password! Do you have a link to your step by step procedure? -- Some will argue that ignorance is bliss

    6. Re:This is like saying... by Toll_Free · · Score: 1

      So if I have sex with a woman, I've rooted her?

      Come to think of it, rooting around in a woman sounds good.

      (off to find a woman).

      --Toll_Free

    7. Re:This is like saying... by knewter · · Score: 1

      parent++

      Seriously, it's at least KIND OF a deal. First, there was no terminal of any sort on an android phone since I got mine Oct. 20th. So ~16 days from my receiving it to getting a root terminal. The pTerminal program is in many ways useless, as it's a really crappy terminal. But this is just what the doctor ordered.

      Now, as I understand it the bootloader on the phone is encrypted or some such thing, so installing your own firmware is probably tivo-lockedout, but I'm not sure at all. I know android's running on the openmoko devices already, and it's apparently phenomenal.

      -Josh

      caveat: I'm in love with the G1. It's my constant friend. etc., etc.

      --
      -knewter
    8. Re:This is like saying... by Anonymous Coward · · Score: 0

      "Well, given that it's a device that isn't designed to be root-accessible by the user, this did require somebody to do something that the manufacturer didn't intend in order to gain root access."

      Source, please? Google has talked about it being an open platform -- where did you get the idea that the phone's owner shouldn't have root access???

    9. Re:This is like saying... by Anonymous Coward · · Score: 0

      On my system that command is aliased to its proper English counterpart.

      I don't know what unix loser decided that two letters would slow him down so much, but that typo wasted 30 minutes of my life recently, and I hope it dies a horrible death, and soon.

    10. Re:This is like saying... by jonaskoelker · · Score: 1

      Well, given that it's a device that isn't designed to be root-accessible by the user

      The hack jailbreaks the phone, not roots it.

    11. Re:This is like saying... by Anonymous Coward · · Score: 0

      Well, given that it's a device that isn't designed to be root-accessible by the user,

      Normally root is required to run telnetd. Even if it's not, telnetd would still need to be run as root to be able to start a shell running as root.

      They already had root access before doing this.

    12. Re:This is like saying... by Man+Eating+Duck · · Score: 1

      So if I have sex with a woman, I've rooted her?

      I seem to recall that if you're in Australia, you have :)

      Yup.

      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
  12. Hmmmm by Anonymous Coward · · Score: 0

    Are you sure that it isn't running Windows?

  13. In other news... by geekmux · · Score: 1

    ...a "hacker" was questioned today when it was discovered at the Genius Bar that he had set his own root password on his Macbook.

    Give me a break. It was bound to happen.

  14. Re:I haven't followed the whole Android business, by Anonymous Coward · · Score: 0

    It appears to be mostly open; apparently they are following the Tivo model. This means that you won't be able to build a custom kernel that will run on the device because the public doesn't have access to the signing keys.

  15. Smartphone - phone = PDA by tepples · · Score: 1

    Why can't they come out with a $100 android WITHOUT the phone capabilities? It would be a great and useful platform

    A smartphone without the phone is called a PDA. And yes, there is a Linux PDA; you will just have to wait for the next preorder.

    1. Re:Smartphone - phone = PDA by omeomi · · Score: 1

      A smartphone without the phone is called a PDA

      I don't know that many people would call an iPod Touch a PDA...I think the term PDA has more to do with its intended use rather than any actual physical capabilities.

  16. Re:I haven't followed the whole Android business, by saintsfan · · Score: 1

    I think the poster is asking: why is it necessary to use a work-around to gain root access on an open device you own

  17. They left Telnetd on it? by LWATCDR · · Score: 3, Insightful

    What???
    Telnetd is one of those things that should just be deleted from every system that it is on.
    Just use SSH folks.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:They left Telnetd on it? by Anonymous Coward · · Score: 0

      Why? Zee gemrmanz might hijack your 2m long cable?

    2. Re:They left Telnetd on it? by Krneki · · Score: 1

      Why? Zee gemrmanz might hijack your 2m long cable?

      Stupid bugs ....

      --
      Love many, trust a few, do harm to none.
    3. Re:They left Telnetd on it? by 1stvamp · · Score: 0

      If you RTFA, ptelnetd is installed first by the user. This then somehow gains setuid privs without the setuid bit being set (as someone else commented, perhaps `login` does).

      --
      Wes
    4. Re:They left Telnetd on it? by ArchieBunker · · Score: 1

      Take a good look at the number of vulnerabilities in ssh these past few years compared to telnet. Not to mention ssh is very cpu intensive for an embedded device.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    5. Re:They left Telnetd on it? by mr_mischief · · Score: 1

      It's not setuid if it runs as root and has the privs of root. In fact, not setting the uid would be the issue (if there's actually any problem with a device's owner having access to his device's administration).

    6. Re:They left Telnetd on it? by kv9 · · Score: 1

      Take a good look at the number of vulnerabilities in ssh these past few years compared to telnet.

      oh yeah, telnet is super secure

      Not to mention ssh is very cpu intensive for an embedded device.

      I have SSH running on my phone, on my switch and on my UPS without any issues. you have absolutely no excuse for using telnet (unless it's a MUD or something).

    7. Re:They left Telnetd on it? by 1stvamp · · Score: 0

      Indeed.
      I stand corrected (and sometimes with the help of a stick.)

      However if telnetd is running something owned by root with setuid....

      --
      Wes
    8. Re:They left Telnetd on it? by mr_mischief · · Score: 1

      Well, I've read now that the telnetd in question does not, in fact, run as root. I wonder if that means the platform doesn't enforce limitations on who can listen on ports below 1024, but that's a side issue.

      So something else is elevating the user's status. It could be login or something else. I don't have one of the phones and I don't have the cash to buy one just for the sake of curiosity right now. If I did buy an "open phone platform" on which I was being kept from being root, though, I'd be pissed.

    9. Re:They left Telnetd on it? by 1stvamp · · Score: 0

      I'm getting one on a free upgrade on tmob UK this coming week so I'll have to investigate what's causing the priv escalation (seeing as most of the people in the linked article don't seem to have a clue.)

      --
      Wes
  18. Re:I haven't followed the whole Android business, by Sparr0 · · Score: 4, Informative

    Sorry, I fail for not RTFA. They are misusing "rooted", which confused me. "rooted" in the popular [geek] vernacular means that a remote non-admin user can gain root access, such as through a buffer overflow exploit. It has nothing to do with the practice of gaining root access on your own devices.

  19. No, you don't have to run as root first. by Animats · · Score: 4, Informative

    It's apparently weirder than that. Running "telnetd" as an ordinary user apparently allows remote logins as root. This happens even though the "telnetd" executable does not apparently come with permissions set-UID to root. If that's correct, there's a security hole somewhere else that's being used by accident here. Is "login" a set-UID program on Android phones?

    (As a robotics guy, I hate the name "Android" being used for a telephone. It's the worst choice since "U.S. Robotics" which ended up as a modem company.)

    1. Re:No, you don't have to run as root first. by Anonymous Coward · · Score: 1, Interesting

      Actually, the only weird thing is that telnet can listen on port 23 (but removing the privileged-ports-for-root-only rule might make sense on a phone). Telnet often exec()'s /bin/login or similar, and if that file is setuid root...

    2. Re:No, you don't have to run as root first. by SnowZero · · Score: 3, Interesting

      Just about everyone in the robotics community calls them humanoid robots anyway. "Android" and "droid" are pretty much confined to sci-fi, and by the time we have real androids, I'm pretty sure this phone OS will be a thing of the past. Sure, Ishiguro's current work in this area is pretty interesting, but even those robots are only mistaken for humans from a distance, and they aren't mobile.

    3. Re:No, you don't have to run as root first. by GXTi · · Score: 1

      In a few decades, the Robotic Feminist Movement will inevitably push "android" and "gynoid" onto the euphemism treadmill for being too gender-specific. Equality for robots of all shapes!

    4. Re:No, you don't have to run as root first. by Anonymous Coward · · Score: 2, Funny

      As a robotics guy, I hate the name "Android" being used for a telephone.

      This makes about as much sense as hating Apple because you're a grocery store clerk.

    5. Re:No, you don't have to run as root first. by Loibisch · · Score: 1

      What makes sense to me and what doesn't is none of your business!

      sincerely,
      your grocery store clerk

  20. iPod Touch = PDA by SkimTony · · Score: 2, Funny

    That depends on your expansion of "PDA." Have you seen the Apple fanboys making out with their devices in public? I think that counts as PDA as well.

  21. WTF? by razzmataz · · Score: 1

    Why is telnetd installed in the first place?

    --
    Ungh
    1. Re:WTF? by mr_mischief · · Score: 1

      Because the user who wants to do this downloads and installs a telnet daemon. TAIYF.

  22. Explanation by mpapet · · Score: 1

    Historically, other closed systems rely on running security/lockout things in some kind of root such that should the user elevate their privileges to root, they can screw around with the closed system.

    I don't know enough about the platform in question to know if getting to root gives you the freedom to defy the carrier's wishes.

    Even if getting root privileges opens the phone up in ways Google did not plan, what are the actual long-term benefits? I don't see any.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  23. Re:I haven't followed the whole Android business, by Colonel+Korn · · Score: 1

    Sorry, I fail for not RTFA. They are misusing "rooted", which confused me. "rooted" in the popular [geek] vernacular means that a remote non-admin user can gain root access, such as through a buffer overflow exploit. It has nothing to do with the practice of gaining root access on your own devices.

    I think they're using it to imply that you're renting access to Google's OS instead of gaining ownership of it, so you're gaining root access against the owner's intent.

    --
    "I zero-index my hamsters" - Willtor (147206)
  24. Trojan Apps by grahamsz · · Score: 1

    This in theory means any trojan app that requests "internet access" can telnet in and root the device it runs on.

    That's a sizable risk

    1. Re:Trojan Apps by lysergic.acid · · Score: 1

      if you have a trojan on your system then you're already rooted. being able to run telnetd is not a security problem.

      if on the other hand telnetd started up on its own, or could be remotely triggered, then it'd be a serious security flaw.

    2. Re:Trojan Apps by nine-times · · Score: 1

      That's a sizable risk

      No more sizable than on any platform that's remotely "open". If I can install and run unsigned apps, then trojans are a risk. If I can only run signed apps, then the risk is mitigated by exactly the same amount that the signing authority is trustworthy.

      Trojan apps are just a risk.

    3. Re:Trojan Apps by grahamsz · · Score: 1

      Well Android has a permissions architecture where each application's manifest describes the permissions that it needs.

      I'd be a lot more wary of an application that claimed it needed access to my contact information than one that just needed internet access alone.

      Holes like this could circumvent the permissions system.

    4. Re:Trojan Apps by fatphil · · Score: 1

      Nonsense. I've got hundreds of trojans on my system. Are you claiming that I've been rooted?
      A file is just a file. Rooting is privilege escalation. It's a category error to compare them.

      --
      Also FatPhil on SoylentNews, id 863
  25. Re:I haven't followed the whole Android business, by Yetihehe · · Score: 4, Insightful

    Better get used to it. First was the "hacker" word, now "rooting".
    What's next, "open"?

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  26. Collective *gasp* by Zarf · · Score: 2, Funny

    ... everyone ready? one... two... three... *gasp*!!!

    --
    [signature]
  27. Yes and No by grahamsz · · Score: 1

    I use the data capabilities far more than the phone capabilities.

    The fact that it's only EDGE here until next week isn't really a big deal because i'm scarcely ever off wifi.

  28. Re:I haven't followed the whole Android business, by SirJorgelOfBorgel · · Score: 1

    Sure you will. I know people are working on it (guess I'm going to be guinea pig for this again). On most HTC Windows Mobile devices this has been done long ago (and usually takes only a couple of days after a new one comes out).

    Not having the signing keys is usually not that much of an issue (just disable the key check).

  29. Exploit, Vulnerability, or "Working as Intended"? by Laebshade · · Score: 1

    Calling it an exploit is a stretch; perhaps it's just a vulnerability, or dare I say, "working as intended"? I doubt Google left such an obvious "security" flaw by mistake.

  30. Whole lot of stupid going on in these replies .. by Idimmu+Xul · · Score: 4, Insightful

    The point of this exploit isn't so you can remotely hack other people's phones, it's so mobile hackers can get to a lower level than Android permits users to do, which will allow them to flash the phone with unsigned custom updates and what not and customise their phone more.

    People should really read the articles and smarten up.

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  31. You missed something important... by Viol8 · · Score: 1

    This telnetd didn't ask for a login or password - it just went straight to a root shell prompt.

    1. Re:You missed something important... by mr_mischief · · Score: 1

      On a single-user device, the account you use is often root. Telnet typically has to run initially as root in order to listen on port 23. It then normally drops privs to the user who logs in. If the intent of the application wasn't to allow root access, then there's a bug in the telnet daemon. On a single-user device which is likely running in single-user mode, I'm not surprised it's easy to have a shell as root, though. I would expect this system they've been calling wide open to be, well, wide open.

    2. Re:You missed something important... by Eric+Smith · · Score: 2, Informative

      Android does NOT run everything as root. They have a security model that uses separate user ids for many things, and root for almost nothing. When you start the telnetd, it is as a non-root user, and the telnetd is not setuid. However, when you connect to the telnetd from a telnet client, you get a root shell. Something extremely weird and/or broken seems to be going on in there.

    3. Re:You missed something important... by GiMP · · Score: 1

      I'm suspecting it is insecure allocation of ptys?

  32. No it isn't by Viol8 · · Score: 1

    I have a small LAN with 2 machines at home behind a hardware firewall that's generally not connected to the internet anyway. Why do I need to run sshd on them when telnetd does me fine?

    1. Re:No it isn't by LWATCDR · · Score: 1

      why not run sshd on them?
      You can even do ssh tunneling and use scp. Plus if you ever put them on the internet you will not have to "remember" to take telnet off.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    2. Re:No it isn't by Culture20 · · Score: 1

      Humans are habitual by nature. Regularly using telnet at home, one runs the risk of accidentally using telnet outside the home.

    3. Re:No it isn't by fatphil · · Score: 1

      Yes, you should get in the habit of only using SSH. That way when the internet cafe has a keylogger trojan installed you can have your credentials stolen without even realising you might be at risk.

      --
      Also FatPhil on SoylentNews, id 863
    4. Re:No it isn't by Viol8 · · Score: 1

      "why not run sshd on them?"

      Hassle. telnetd is fire and forget.

    5. Re:No it isn't by Anonymous Coward · · Score: 0

      Never use a computer in an internet cafe

  33. Ever thought of RTFA first? by Viol8 · · Score: 0

    Silly me, this is /.

    Carry on...

  34. Haha this was such a non-hack... by SplasPood · · Score: 1

    When I found this I didn't even bother posting it to xda for a couple days thinking it was so obvious that it had to be intentional/known.

    Guess other people were in fact interested!

    1. Re:Haha this was such a non-hack... by ColdWetDog · · Score: 2, Interesting

      When I found this I didn't even bother posting it to xda for a couple days thinking it was so obvious that it had to be intentional/known.

      Guess other people were in fact interested!

      Next time, just run out and patent the idea. You could make some money.

      --
      Faster! Faster! Faster would be better!
  35. Re:I haven't followed the whole Android business, by Duradin · · Score: 3, Insightful

    Don't forget "bricked".

    Bricked used to mean you took the piece of equipment out to the firing range for its final trouble "shooting".

    Now it means you just press the reset button.

  36. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by Anonymous Coward · · Score: 2, Funny

    Where is the -1: WTF? mod?

  37. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  38. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by Anonymous Coward · · Score: 2, Funny

    -1: Inbred

  39. Re:I haven't followed the whole Android business, by joeytmann · · Score: 1

    I thought "bricked" meant that the device was altered in such a bad way it is no longer usable, even with a hard reset, and its only use now is a brick...

    --
    Insert funny smart-ass comment here.
  40. Re:I haven't followed the whole Android business, by slimjim8094 · · Score: 1

    Which is why it makes an excellent shooting target.

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  41. it's the flying spaghetti monster! by Anonymous Coward · · Score: 0

    He IS risen...

  42. Re:Whole lot of stupid going on in these replies . by todrules · · Score: 3, Funny

    People should really read the articles and smarten up.

    You must be new here.

  43. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  44. Isn't it MY device?? by Hurricane78 · · Score: 1

    Seriously... it makes the news, when a device is rooted, that you OWN? I mean, isn't that the point of owning a device? That you can do whatever you want with it?
    Else it is not sold but leased. If they say they sold it, but do not give you root access, to me that is deliberate fraud and should be followed by a billion-dollar class-action lawsuit to sue them out of business.

    How long before such news come out on the newest PC (eg from Dell)?

    Oh, I forgot... that was a major "feature" of Vista, called TCPA.

    Thank god all my friends and I never ever have to buy a complete PC in one piece, because of me. :)

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  45. I still don't get it by stormesj · · Score: 1

    Ok, I read the entry and it looks like someone is installing Telnetd and it's doing what it is supposed to do. This is a "rooting" just like turning on terminal services on Windows allows remote access.

    Little silly to set up with root access but this is not a flaw as such, just telnetd running as root without login.

    What's so cool about this? Any good Unix book on telnet would tell you the same thing.

    1. Re:I still don't get it by fatphil · · Score: 1

      You misread or misunderstood. telnetd is not doing what it is supposed to do. telnetd's supposed to attempt to open a privileged port (<1024), and supposed to fail if you do not have the required permissions to do so (i.e. be root). (Of course the way it's most likely to fail is by having the kernel itself reject this attempt.)

      The user running telnetd was _not_ root. The telnetd executable was not suid root. It should not have been able to open the port. The acquiring of root permissions was not supposed to happen. This is a local root exploit. The phone's been rooted.

      --
      Also FatPhil on SoylentNews, id 863
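
The explanations argued over in this thread (the launching shell was already root, telnetd itself is setuid root, a helper such as /bin/login is setuid root, or the privileged-port rule is simply not enforced) can be told apart with a few local checks. The sketch below is an added example, not code from the thread, the linked article or Android; the default paths come from the comments, and the `session_uid` argument (the uid reported by `id` inside the remote shell) is an assumption of the example.

```python
#!/usr/bin/env python3
"""Audit sketch: where could a root shell behind a login daemon come from?"""
import errno
import os
import socket
import stat
import sys


def is_setuid_root(mode, owner_uid):
    """True when a regular file carries the setuid bit and is owned by uid 0."""
    return bool(stat.S_ISREG(mode) and (mode & stat.S_ISUID) and owner_uid == 0)


def stat_flags(path):
    """Return (exists, setuid_root) for `path`."""
    try:
        st = os.stat(path)
    except OSError:
        return False, False
    return True, is_setuid_root(st.st_mode, st.st_uid)


def find_setuid_root(directory):
    """Return sorted paths directly under `directory` that are setuid root."""
    hits = []
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return hits  # missing or unreadable directory: nothing to report
    for entry in entries:
        try:
            st = entry.stat(follow_symlinks=False)
        except OSError:
            continue  # unreadable entry: skip rather than guess
        if is_setuid_root(st.st_mode, st.st_uid):
            hits.append(entry.path)
    return sorted(hits)


def probe_low_port(port=23, host="127.0.0.1"):
    """Try to bind a port below 1024: 'allowed', 'denied', 'in-use' or 'error'.

    On Linux, 'allowed' for a non-root caller means CAP_NET_BIND_SERVICE is
    held or net.ipv4.ip_unprivileged_port_start has been lowered.
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.bind((host, port))
        return "allowed"
    except PermissionError:
        return "denied"
    except OSError as exc:
        return "in-use" if exc.errno == errno.EADDRINUSE else "error"


def diagnose(launcher_euid, session_uid, daemon_suid_root, helper_suid_root):
    """Map the observations onto the explanations debated in the thread."""
    if session_uid != 0:
        return "no-escalation"            # remote shell is not root at all
    if launcher_euid == 0:
        return "launcher-was-root"        # "you already had root"
    if daemon_suid_root:
        return "daemon-setuid-root"       # the daemon binary grants root
    if helper_suid_root:
        return "helper-setuid-root"       # e.g. a setuid login it exec()s
    return "unexplained-escalation"       # privilege comes from elsewhere


def main(argv):
    # Default paths are the ones named in the comments; override on the CLI.
    daemon = argv[1] if len(argv) > 1 else "/system/bin/telnetd"
    helper = argv[2] if len(argv) > 2 else "/bin/login"
    # Hypothetical input: uid seen via `id` in the remote shell (0 = root).
    session_uid = int(argv[3]) if len(argv) > 3 else 0

    euid = os.geteuid()
    daemon_exists, daemon_suid = stat_flags(daemon)
    helper_exists, helper_suid = stat_flags(helper)

    print(f"launcher euid        : {euid}")
    print(f"bind to port 23      : {probe_low_port()}")
    print(f"{daemon}: exists={daemon_exists} setuid-root={daemon_suid}")
    print(f"{helper}: exists={helper_exists} setuid-root={helper_suid}")
    for path in find_setuid_root(os.path.dirname(daemon) or "."):
        print(f"setuid-root binary   : {path}")
    print("diagnosis            :",
          diagnose(euid, session_uid, daemon_suid, helper_suid))


if __name__ == "__main__":
    main(sys.argv)
```

A result of `unexplained-escalation` is the case several posters describe: none of the usual Unix mechanisms accounts for the root shell, so the cause has to be looked for outside the daemon and its helper.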
  46. RS232 anyone? by NicknamesAreStupid · · Score: 1

    Great! Now I finally have a use for that VT100 in the garage.

  47. Just rooted my Linux box by Anonymous Coward · · Score: 0

    OMG I just totally rooted my Linux box by logging in as root! Shh, don't tell!

  48. Shut up, Vespucci! by ColdWetDog · · Score: 1, Funny

    Wow. Somebody with mod points got it.

    And it's not even Monty Python.

    --
    Faster! Faster! Faster would be better!
  49. Re:Whole lot of stupid going on in these replies . by Darkrift411 · · Score: 1

    I agree. Root was obtained on a device that was locked to prevent it. The term rooted was thrown in there to sound harsh ("we rooted it" sounds better than "we obtained root"). Stop getting caught up on semantics and read the story. A phone that was locked down (by tmobile, not google) is now completely open.

  50. Free advertisement! by Anonymous Coward · · Score: 0

    The much better question is: why is there a telnetd on the phone in the first place?

    Well, duuh. Isn't it obvious? That is to make sure the phone can be rooted, the story be posted on /. in order to get free advertisement. Mission accomplished!

  51. Explanation by Anonymous Coward · · Score: 1, Informative

    I think people are misunderstanding this exploit. The G1 is locked down so that a user normally can't get root access on the phone. This severely restricts the modability of the phone. Sure, you can install your own android apps.. but you can't change the android system in any way.

    This exploit allows a user to get root access on the device, and thus opens a new world of modding possibilities. You are no longer restricted to what the android SDK allows you to do.

    Maybe the term "rooted" isn't quite the right term, but that's debatable. In any case, this is a great find, that allows us G1 owners to have *much* more control over our phones.

  52. In addition to... by jonaskoelker · · Score: 5, Funny

    So are Terms and Conditions.

    Terms are the things around your pluses and minuses.

    Conditions (in my interpretation) are expressions of an integral type inside a conditional statement.

    I wouldn't want to handle volatile chemicals or long johns or union jacks if I'm about to get struct by lightning. Happened to me once, a long long time ago.

  53. You could by jonaskoelker · · Score: 1

    You could always send them a POST request to their "contact us" page, explaining them about the problem.

    They are likely to believe that you are sending them an email when in fact they're sending themselves an email.

    They're also likely to not know the difference between a million datagrams and a ton of data.

    Of course the contact us page rejects the address you enter into the address field.

    Fortunately, they're competent enough to know that clients can always be trusted, so you can just post your complaint with socat (or netcat, or telnet) to get around their checks which they only did in javascript.

    Don't you just love incompetent hackjobs? ;)

  54. Re:I haven't followed the whole Android business, by Anonymous Coward · · Score: 0

    "Brick" was one too I think.

  55. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by xLittleP · · Score: 2, Funny

    Where is the -1: WTF? mod?

    What are you talking about? That could be a great reason for +1, too!

    --
    When is Slashdot going to add a -1 moderation option for people who actually RTFA?
  56. Re:Whole lot of stupid going on in these replies . by Archangel+Michael · · Score: 1

    Looking at his UID it is lower than yours. newbie

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  57. Re:I haven't followed the whole Android business, by Eric+Smith · · Score: 1

    wasn't this supposed to be an open platform anyway?

    That's like saying that a Tivo is an open platform because it runs Linux. Sorry, it ain't so.

    Android is an open platform. It's released under open source licenses, and anyone can make Android-based devices.

    The G1 happens to run Android, but is not open. It contains a lot of stuff that is not part of the open-source Android platform. It will not run firmware that is not signed, so even though you can build your own version of the Android firmware, you can't run it on a G1, and even if you did, it would only have a subset of the G1 functionality.

    If you build your own Android-based firmware, it would be no problem to get root access, but you're not supposed to be able to get root access on a G1, and especially not by starting a telnetd as a non-root user.

  58. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by spazdor · · Score: 1, Interesting

    I want complex moderations.

    (+i, Imaginative)

    --
    DRM: Terminator crops for your mind!
  59. If you already have root... by argent · · Score: 1

    "cd /system/bin" then "telnetd"

    Does this mean that telnetd is setuid root, or does it mean that you already have to have root to get root?

    1. Re:If you already have root... by amorsen · · Score: 2, Informative

      Does this mean that telnetd is setuid root, or does it mean that you already have to have root to get root?

      Neither. That is why this article is news.

      --
      Finally! A year of moderation! Ready for 2019?
    2. Re:If you already have root... by matt_hs · · Score: 1
      "If you have to have root to get root, then you have root and don't need to get root."

      -- Yogi Berra (?)

    3. Re:If you already have root... by argent · · Score: 1

      If you run telnetd from a non-root account, telnetd will NEVER, NOHOW, give you root, unless it's setuid. Period.

      If telnetd gets you root, then either telnetd is setuid root, or you already were running as root in the shell you started telnetd from.

      There is no third option. "Neither" isn't a possible answer.

    4. Re:If you already have root... by kitgerrits · · Score: 1

      I wonder how telnetd can claim port 23 without being setuid root...
      Otherwise, finding it might take some, ehm, research.
      *sniff* "You smell that?" *sniff*

      --
      "I was in love with a beautiful blonde once, dear. She drove me to drink. It's the one thing I am indebted to her for."
    5. Re:If you already have root... by fatphil · · Score: 1

      Why do you not get the whole point of this story?

      The third option is "something between telnetd and the kernel is broken - non-root users are able to do things that only root users should be able to do".

      Or in the context of the earlier either/or question - "neither".

      --
      Also FatPhil on SoylentNews, id 863
    6. Re:If you already have root... by argent · · Score: 1

      The third option is "something between telnetd and the kernel is broken - non-root users are able to do things that only root users should be able to do".

      That is about as likely as the spontaneous generation of trout in milk.

      That option is far less likely than the option that the original shell was running as root all along and has some application level tweaks to try and keep people from knowing that they were already in a root shell.

      Either telnetd or something it's running is setuid when it shouldn't be, or the original shell is really running as root.

    7. Re:If you already have root... by amorsen · · Score: 1

      Your naïve trust in security is somewhat endearing.

      non-root users are able to do things that only root users should be able to do".

      That is about as likely as the spontaneous generation of trout in milk.

      The quoted sentence is exactly what happens in every local-root bug, and local-root bugs are not exactly uncommon.

      Another poster guessed at a pty bug. I like that guess.

      --
      Finally! A year of moderation! Ready for 2019?
    8. Re:If you already have root... by argent · · Score: 1

      I found my first local-root exploit in 1978. I've been doing this longer than a lot of security "experts" have been alive.

      Just about every local root bug is caused by a bug in a setuid program, and the rest are caused by bugs in programs that were already running as root. The options are (a) the shell (restricted or otherwise) that you're running telnetd from is already running as root, or (b) telnetd or a program it launches is setuid. There's no third option. The kernel and device drivers (like ptys) don't spontaneously cause non-root programs to start running as root.

    9. Re:If you already have root... by fatphil · · Score: 1

      I think I've got a guess what the problem might be:

      $ ls -l /system/bin/telnetd
      -rwxr-xr-x root shell 9752 2008-09-13 01:13 telnetd

      At 9752 bytes, I wonder if that's not the whole telnet, I wonder if it execs some other binary that _is_ setuid root.

      Does anyone have one of these devices - can they find all setuid files?

      --
      Also FatPhil on SoylentNews, id 863
    10. Re:If you already have root... by fatphil · · Score: 1

      So no-one's _ever_ written

                      if ((options == (__WCLONE|__WALL)) && (current->uid = 0))

      in any kernel source code then?

      --
      Also FatPhil on SoylentNews, id 863
    11. Re:If you already have root... by argent · · Score: 1

      That kind of glaring kernel bug counts as spontaneous generation of trout.
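
The two explanations argued over in this sub-thread (the shell that launched telnetd was already root, or a setuid binary is involved) can each be checked from a shell on the device. A sketch of that check, added here as an example and not part of any comment above; it assumes a POSIX `sh` with `id` and `find` available (for example via busybox), and the function names are made up for illustration:

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes POSIX sh, id and find are available on the device.

# Hypothesis (a): the shell you type into already has effective UID 0.
shell_is_root() {
    [ "$(id -u)" -eq 0 ]
}

# True if the file exists and has the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Hypothesis (b): list every setuid regular file under a directory,
# staying on one filesystem. Unreadable subdirectories are skipped.
find_setuid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null || true
}

# Print which explanation fits: "shell-is-root", "setuid-binary" or
# "neither" (the case that points at a privilege bug somewhere else).
explain_root() {
    dir="${1:-/system/bin}"
    if shell_is_root; then
        echo "shell-is-root"
    elif [ -n "$(find_setuid "$dir")" ]; then
        echo "setuid-binary"
    else
        echo "neither"
    fi
}

# Run as: sh audit.sh /system/bin
if [ "$#" -gt 0 ]; then
    echo "real uid $(id -ru), effective uid $(id -u)"
    find_setuid "$1"
    echo "verdict: $(explain_root "$1")"
fi
```

The `ls -l` listing posted earlier in the sub-thread shows `-rwxr-xr-x` for `/system/bin/telnetd`, so `is_setuid` would report false for that file; a "neither" verdict from a non-root shell is the outcome that would point toward a privilege bug outside both hypotheses.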

  60. duh by Thaelon · · Score: 1

    Physical access is always root access with, perhaps, a time delay.

    --

    Question everything

  61. Re:I haven't followed the whole Android business, by fprintf · · Score: 1

    I agree that "bricked" used to mean the electronic gadget was as useful as a brick. Nowadays it seems, however, that it doesn't mean you need to simply push the reset button, but it often is recoverable.

    For example, the router installs of DD-WRT will occasionally "brick" a router (the term used on the FAQ and forums). And yet, some fancy work with short circuiting, or soldering iron or other non-trivial tweaking may be necessary to get it going again. The router isn't a brick, but for all intents and purposes to most newbies it still is. It isn't hitting a reset button for sure, but may be recoverable.

    See also: hacker, cracker, root, nerd, geek

    --
    This post brought to you by your friendly neighborhood MBA.
  62. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by Erie+Ed · · Score: 1

    %110 Agreed

  63. Pedant to the rescue by http · · Score: 1

    Did you mean aleph--aught?

    --
    If opportunity came disguised as temptation, one knock would be enough.
    3^2 * 67^1 * 977^1
    1. Re:Pedant to the rescue by Philosinfinity · · Score: 1

      Did you mean aleph--naught?

    2. Re:Pedant to the rescue by http · · Score: 1

      Your kung fu is better than mine.

      --
      If opportunity came disguised as temptation, one knock would be enough.
      3^2 * 67^1 * 977^1
  64. Re:I haven't followed the whole Android business, by Anonymous Coward · · Score: 0

    And here I was thinking they "rooted" the G1 to keep it safe from garbage collection.

  65. Re:Whole lot of stupid going on in these replies . by pavon · · Score: 1

    The point of this exploit isn't so you can remotely hack other people's phones, it's so mobile hackers can get to a lower level than Android permits users to do.

    FYI, the people replying here know that. If they really thought it was a remote exploit then they wouldn't be complaining about the use of the word "rooted" to describe it, because that would be a legitimate use of the word. It is exactly because they do know that this is a way to unlock a phone and not a way to root it that they are complaining.

    In other words, this has nothing to do with stupidity or lack of understanding of slashdotters, but the fact that they would rather nitpick semantics than discuss the issue.

  66. Rooted his own root access... by Evil+W1zard · · Score: 1

    * OMFG break out your "I rooted your box and didn't even use a trojan" leet t-shirt.... Lame!

    --
    News Reporters Make Tasty Polar Bear Treats!
  67. Re:I haven't followed the whole Android business, by I'm+not+really+here · · Score: 2, Informative

    Yes. Microsoft is working on that one: http://www.microsoft.com/opensource/licenses.mspx

    --
    Before commenting on the Bible, please read it first
  68. Re:I haven't followed the whole Android business, by mrboyd · · Score: 1

    Rooted means you get root access you were not supposed to get. A local root exploit (local user becomes root) is less annoying than a remote root exploit. But it is still considered rooted. And yes, it counts if it is just due to a configuration error.

    So here we have a device for which you, the buyer, do not have root access. Someone found a way, via a (most probably forgotten) setuid telnetd to access the device as root. You did not have root access before. You have root access now against the will of the manufacturer. The machine has been rooted.

  69. Re:I haven't followed the whole Android business, by RAMMS+EIN · · Score: 1

    ``...wasn't this supposed to be an open platform anyway? I don't quite get it.''

    As far as I know, it wasn't really. That's what they are screaming from the rooftops, but really, the only thing you get access to is Java. That's nothing worth getting excited about. Now, if this "exploit" actually allows you access to the *nix system, that's a whole different story. So maybe someone can shed some light on whether it does that or not.

    --
    Please correct me if I got my facts wrong.
  70. Re:I haven't followed the whole Android business, by Anonymous Coward · · Score: 0

    First was the "hacker" word, now "rooting".

    Those are hardly the same. Hacking is a perfectly legal activity but the majority of people think the word means illegally breaking into a computer system. Rooting means you break into a system and gain administrator access, which in most places is illegal unless you have permission from the owner of the system. But now it seems people start to think of the word as covering places where you gain access to a device that you already own. So it seems like we are almost at the point where people think rooting means hacking and hacking means rooting.

  71. KILL THE LAWYER (n/t) by Anonymous Coward · · Score: 0

    I said no text :P

  72. Because we teach programmers wrong ? by curri · · Score: 1

    I teach a DB class, and make my students do a simple web app (in PHP); I teach the version of functions with no placeholder since it is easier to debug (just print the string you're sending); this is also what you see in most examples (just googled pg_query, 143K hits, pg_query_params got 9K hits, ~ 14 to 1 ratio !)

    Of course, I'm changing my ways now, but unless we start teaching the beginners right, we're in trouble :)

  73. Wrong by Anonymous Coward · · Score: 0

    Wrong.

    Here in the UK breaking and entering does mean breaking in the conventional sense. That is why you cannot be prosecuted for gaining entrance to a property if you do not have to break the locks, doors, windows etc. and why squatters, once they are in, and having secured the property, are safe until the court give the police permission to "break in" to kick them out.

    If someone leaves a house empty and the window open, you are not breaking and entering by climbing in through the window... not that I am encouraging it.

  74. Re:I haven't followed the whole Android business, by horza · · Score: 1

    Apple, in conjunction with their fanboys, rewrote the definition to put people off from trying to jailbreak the iPhone.

    Phillip.

  75. Re:I haven't followed the whole Android business, by jimthehorsegod · · Score: 1

    Or perhaps 'beta'?

  76. Re:I haven't followed the whole Android business, by Anonymous Coward · · Score: 0

    That is not at all what happened. Idiots have been misusing the term since before the iPhone was even announced, about everything from home internet routers to video game systems.

    Thanks for being obsessed enough with Apple and their users to mention them, though. Non sequiturs like this must make them feel great, what with all of them being such trendy emo attention whores and all, right?

  77. Re:I haven't followed the whole Android business, by dontmakemethink · · Score: 1

    I prefer the Australian interpretation of "rooting". Apparently the Canadian Olympic team caused something of a stir at the Sydney games, since their uniforms bore the logo of their sponsor clothing chain "Roots". Might as well have read "fucks" or "cocks"

    --

    War as we knew it was obsolete
    Nothing could beat complete denial
    - Emily Haines
  78. Re:BUT TEH GOOGEL BE TEH DUNT BE TEH EVEL!!!111!!! by BronsCon · · Score: 1

    I was gonna suggest that, actually. +1 WTF

    Also, +1 mindreading

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  79. Re:I haven't followed the whole Android business, by BronsCon · · Score: 1

    Actually, the local user(s) (is/are) the tiny Google Gnome(s) inside the G1. You, the remote user, are gaining root access.

    Thus, rooted.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  80. Re:I haven't followed the whole Android business, by fatphil · · Score: 1

    Nonsense. Rooting is someone who shouldn't be root gaining root. It can be local root exploit or a remote root exploit, it matters not. What do you claim the popular geek vernacular for a local root exploit is, if it's not rooting?

    --
    Also FatPhil on SoylentNews, id 863
  81. This is like saying by Mana+Mana · · Score: 1

    [ Car analogy ]

    I am sitting inside my car with the radio on. AHA! My car has been stolen.

  82. Re:Whole lot of stupid going on in these replies . by Vexorian · · Score: 1

    People should really read the articles and smarten up.

    1. The summary plain sucks, it barely mentions words like "rooted" or "exploit".
    2. By the time most people posted their messages, there was no FA... It was severely slashdotted.
    3. Now that it is available, the "article", turns out to be a random forum post that just explains how to do it. Still no explanation on why this was needed, so I'll take your pretty statement as proof you did not RTFA...

    --

    Copyright infringement is "piracy" in the same way DRM is "consumer rape"
  83. Rooted is not a good term to use. by Choozy · · Score: 1

    When I saw the heading I was thinking something very different to what the actual story was about. In Australia rooted == fucked ie... "Hey, wanna root?" "I'd root her." "Fuck, the car's rooted." "She's definitely rootable." "They are rooting like rabbits."

  84. Re:I haven't followed the whole Android business, by ConfusedVorlon · · Score: 1

    open as in 'you can see/mess with the source code'

    not open as in 'when the software is built and installed on your device, you can do whatever you like with the device'.

    the devices are less locked down than the iPhone - but apps aren't allowed to do just any old thing.

  85. Re:"Breaking" by Unmanifest · · Score: 1

    I think that in some places "breaking" actually does mean breaking, but there is an equivalent crime, "illegal entry". In my state, (I think) they carry approximately the same penalty.

  86. Peer Review! by trashbird1240 · · Score: 1

    Aren't ridiculous comments like this intercepted by the staff at Slashdot? Come on! I'm depending on you guys!