Slashdot Mirror


Bug In Android Passes Keystrokes To Root Shell

pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"

10 of 205 comments

  1. Open source, remember? fix already out by dnwq · Score: 4, Informative
    From TFA:

    If you see anything later than RC29 then you already have the fix.

    Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging.
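
A defender's check for the kind of mistake the comment above describes (a debug shell left in init.rc), as an added example that is not part of the original thread or of Android's own code: it parses Android init-language `service` blocks and flags any that start a shell on the console at boot while still running as root. The sample file, the service names and the list of shell names are constructed assumptions, not the G1's actual init.rc.

```python
SHELLS = {"sh", "ash", "bash", "mksh"}          # assumption: names treated as shells
SECTION_KEYWORDS = {"on", "service", "import"}  # tokens that open a new section

# Constructed sample in Android init language; not the G1's actual init.rc.
SAMPLE = """\
on boot
    class_start default

service dbgshell /system/bin/sh
    console

service offshell /system/bin/sh
    console
    disabled

service usershell /system/bin/sh
    console
    user shell

service installd /system/bin/installd
    socket installd stream 600 system system
"""

def parse_services(text):
    """Map service name -> {'argv': [...], 'options': {keyword: args}}."""
    services, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue                      # blank line or comment
        if tokens[0] in SECTION_KEYWORDS:
            current = None                # any new section ends the previous one
            if tokens[0] == "service" and len(tokens) >= 3:
                current = {"argv": tokens[2:], "options": {}}
                services[tokens[1]] = current
        elif current is not None:
            current["options"][tokens[0]] = tokens[1:]
    return services

def risky_root_shells(text):
    """Names of services that start a shell on the console, at boot, as root."""
    findings = []
    for name, svc in parse_services(text).items():
        opts = svc["options"]
        user = (opts.get("user") or ["root"])[0]   # init services default to root
        is_shell = svc["argv"][0].rsplit("/", 1)[-1] in SHELLS
        if is_shell and "console" in opts and "disabled" not in opts and user == "root":
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(risky_root_shells(SAMPLE))
```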

  2. Degradation by Ashcrow · Score: 2, Informative

    This coming from Google? That surprises (and scares) me. I don't know how something like that would get through a QA process unless the QA process was rushed ... oh no, please don't become like almost every other software company out there Google! :-/

    1. Re:Degradation by Champion3 · Score: 2, Informative

      Well, they do ship almost everything as "beta"...

      --
      I'm going to the casino. Don't gamble.
  3. Re:False by cicatrix1 · Score: 5, Informative

    Update: Oops. It's real!

    I restarted my phone manually, and tried this on a fresh boot. My phone did immediately restart. Yikes.

    --

    I know more than you drink.
  4. Re:This is simply mind-boggling. by Otto · Score: 5, Informative

    Read this:
    http://android.jim.sh/index.php/ConsoleShell

    Looks like debugging code left behind...

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  5. Re:This is simply mind-boggling. by tyler_larson · Score: 3, Informative

    Verified this still works on the latest OTA update, RC29.

    --
    "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
    RFC 1925
  6. Re:This is simply mind-boggling. by tyler_larson · Score: 4, Informative

    If you want to keep from fubar-ing your G1 by typing in the wrong stuff accidentally, just type "cat [enter]" first thing when you power on the device, and it will be defused from then on. All input will be harmlessly filed away to stdout.

    --
    "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
    RFC 1925
  7. Re:This is simply mind-boggling. by RzUpAnmsCwrds · Score: 4, Informative

    The latest OTA update is RC30, which patches the issue (I confirmed this on my G1).

  8. Re:This is simply mind-boggling. by tyler_larson · Score: 3, Informative

    You mean defused until you type Control-z, Control-d or Control-c, right?

    Nope. I really do mean from then on. Read the various write-ups to understand why.

    And for bonus points, see if you can find your phone's "control" key.

    --
    "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
    RFC 1925
  9. Re:Nah it'll never work by smoker2 · Score: 2, Informative

    How is that relevant?
    I have Linux installed on a compact flash card, and it sees itself as residing on hda because it is connected via adapter to an IDE socket. It might be seen as sda if it were connected to a SATA connection.
    No physical IDE (or SATA) drive needed. There might easily be interface emulation to ease the porting of the OS to solid state devices.