Slashdot Mirror

← Back to Stories (view on slashdot.org)

T-Mobile G1 Rooted

Posted by CmdrTaco on from the that-didn't-take-long dept.

An anonymous reader writes "T-Mobile's G1 phone, the first commercially available Android based phone, has been rooted. The exploit is extremely simple to execute, just requiring you to run telnetd from a terminal on the phone, and then connecting to the phone via telnet."

15 of 246 comments (clear)

  1. Bad Idea by TheAmit · · Score: 4, Insightful

    Waiting to see how many non-Linux types try this and get in trouble. Its not a good idea to change permissions on sh. All other apps you run on your phone and use sh are now running as root [:)] I would be very scared of this setup. Going to enjoy this

  2. Wait...so.... by kcbanner · · Score: 3, Insightful

    The user...has to run telnetd...as root...how...how is this an exploit? Maybe its more complex than this but the site is currently 503ing for me.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
  3. This is like saying... by NitroWolf · · Score: 4, Insightful

    This is like saying something is "bricked" when it's just a bad firmware flash that can be fixed.

    The phone isn't rooted. Rooted means someone gained root access through an exploit and/or installed a root kit. Running telnetd and then connecting as root is a normal method of logging in, no exploits required.

    Or are they saying every UNIX system that has a method of remote access is rooted?

  4. They left Telnetd on it? by LWATCDR · · Score: 3, Insightful

    What???
    Telnetd is one of those things that should just be deleted from every system that it is on.
    Just use SSH folks.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  5. Re:Rooted? by deniable · · Score: 3, Insightful
    More importantly, if you have physical access to the console, all bets are off.

    News Flash

    Houses are rootable. If you unlock your doors and hang out a 'rob me' sign, people can break in.

  6. Re:Rooted? by deniable · · Score: 4, Insightful
    Well, yeah. You did run telnet for them. Why else would you run it? Hasn't it been on the list of don't run services for years now?

    The much better question is: why is there a telnetd on the phone in the first place?

  7. Re:Coral to the rescue by Splab · · Score: 3, Insightful

    I've never understood why so many web programmers insist on parsing E-mail addresses, very few are capable of doing it correctly. I usually use splab+someidentification@mydomain.tld - this way I can track where I submitted the address they got - but since programmers insists on parsing the E-mail address they almost always considers + to be invalid.

    Just send the person a confirmation E-mail and bobs your uncle.

  8. Re:Rooted? by Olix · · Score: 3, Insightful

    To be fair though, lots of people /are/ stupid enough to fall for this kind of thing... consider how well that "I love you" worm or whatever it was did a few years back.

    With the right method, I'm sure you could con people into doing something silly with an Offical-sounding text message, and then exploit it.

  9. Re:I haven't followed the whole Android business, by Yetihehe · · Score: 4, Insightful

    Better get used to it. First was the "hacker" word, now "rooting".
    What's next, "open"?

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  10. Re:Rooted? by Pope · · Score: 3, Insightful

    If the door's unlocked, it's hardly "breaking in," is it?

    --
    It doesn't mean much now, it's built for the future.
  11. Re:Rooted? by Sparr0 · · Score: 4, Insightful

    Because telnetd has some tiny fraction of the system overhead of ssh daemons, even "tiny" ones.

  12. Whole lot of stupid going on in these replies .. by Idimmu+Xul · · Score: 4, Insightful

    The point of this exploit isn't so you can remotely hack other people's phones, it's so mobile hackers can get to a lower level than Android permits users to do, which will allow them to flash the phone with unsigned custom updates and what not and customise their phone more.

    People should really read the articles and smarten up.

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  13. Re:Coral to the rescue by Anonymous Coward · · Score: 1, Insightful

    And that's why there are things called Prepared Statements, where you pass in the values as parameters rather than as part of the SQL string.

    Anyone not using them should not be working with databases. Why reimplement your own quoting function, or use a platform-provided quoting function, when there is this sane method to do things!

    However there is no need to verify email addresses are valid beyond asking for the use to verify their email address (far more reliable for catching mistypes that running a regex on a single field) in the form.

  14. Re:I haven't followed the whole Android business, by Duradin · · Score: 3, Insightful

    Don't forget "bricked".

    Bricked used to mean you took the piece of equipment out to the firing range for its final trouble "shooting".

    Now it means you just press the reset button.

  15. Re:Rooted? by sexconker · · Score: 3, Insightful

    The BEST ringtones!
    The FUNNIEST jokes!
    REAL horoscopes tailored for YOU!

    Sports! Fashion! Celebrity gossip! Keno numbers!

    Just text FAIL to 37528!

    Sign up now and get a free spinning rim background!

    SPECIAL BONUS for G1 owners!
    After texting FAIL to 37528, open up telnet to receive your mystery gift!

    Text FAIL to 37528, TODAY!