Slashdot Mirror

← Back to Stories (view on slashdot.org)

T-Mobile G1 Rooted

Posted by CmdrTaco on from the that-didn't-take-long dept.

An anonymous reader writes "T-Mobile's G1 phone, the first commercially available Android based phone, has been rooted. The exploit is extremely simple to execute, just requiring you to run telnetd from a terminal on the phone, and then connecting to the phone via telnet."

8 of 246 comments (clear)

  1. Re:Wait...so.... by MrMr · · Score: 3, Informative

    No it's not more complex. The curious bit is that telnetd appears to set uid=0 after login, which allows you to make a setuid root shell.

  2. Re:This is like saying... by omeomi · · Score: 4, Informative

    The phone isn't rooted. Rooted means someone gained root access through an exploit and/or installed a root kit. Running telnetd and then connecting as root is a normal method of logging in, no exploits required.

    Well, given that it's a device that isn't designed to be root-accessible by the user, this did require somebody to do something that the manufacturer didn't intend in order to gain root access.

    --
    ZuluPad, the wiki notepad on crack
  3. Re:I haven't followed the whole Android business, by Sparr0 · · Score: 4, Informative

    Sorry, I fail for not RTFA. They are misusing "rooted", which confused me. "rooted" in the popular [geek] vernacular means that a remote non-admin user can gain root access, such as through a buffer overflow exploit. It has nothing to do with the practice of gaining root access on your own devices.

  4. No, you don't have to run as root first. by Animats · · Score: 4, Informative

    It's apparently weirder than that. Running "telnetd" as an ordinary user apparently allows remote logins as root. This happens even though the "telnetd" executable does not apparently come with permissions set-UID to root. If that's correct, there's a security hole somewhere else that's being used by accident here. Is "login" a set-UID program on Android phones?

    (As a robotics guy, I hate the name "Android" being used for a telephone. It's the worst choice since "U.S. Robotics" which ended up as a modem company.)

  5. Re:Rooted? by Anonymous Coward · · Score: 4, Informative

    And it also works in the other way... you can put your already rooted equipment into any window, and anybody inside that house will be able to gain root access, and also call the
    police

  6. Re:Rooted? by paeanblack · · Score: 5, Informative

    If the door's unlocked, it's hardly "breaking in," is it?

    Yes it is.

    The "Breaking" part of "Breaking & Entering" refers to breaking the plane of entry, not physically damaging anything.

    "Breaking" is not actually a separate action from "Entering". The reason they are used together is for clarity...one word derives from Old English, and the other word derives from French. Writing laws this way was useful when the Normans and Saxons were trying to cohabitate on the same island.

    There are many legal terms constructed the same way:
    Null and void
    Cease and desist
    Last Will and Testament
    Aid and Abet
    Goods and Chattels
    Terms and Conditions
    etc.

  7. Re:Rooted? by Smauler · · Score: 4, Informative

    Erm.... Breaking and entering is exactly what it says. Just entering is call trespassing, and just breaking is called criminal damage. Don't ask me how I know :).

  8. Re:Coral to the rescue by GXTi · · Score: 3, Informative
    I don't understand why placeholder arguments aren't used 100% of the time a string is placed into a SQL query. It's completely baffling. Were that the case, SQL injection attacks would be totally infeasible, excepting even dumber TheDailyWTF-grade scenarios like having clients send SQL to the server. I suspect that PHP doesn't have them (or makes them harder to use), which would explain why it's such a horrible language.

    As for validating emails, check that there's at least one @ and that the part after the final @ has at least one dot in it, and you're good to go. No regular expressions required!