Slashdot Mirror


Bug In Android Passes Keystrokes To Root Shell

pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"

13 of 205 comments

  1. This is simply mind-boggling. by jcr · · Score: 5, Insightful

    I can't imagine how or why anyone could accidentally pipe all user input through a root shell. This is one for the WTF of the decade.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:This is simply mind-boggling. by SharpFang · · Score: 4, Insightful

      I can perfectly well imagine someone purposely piping all the user input to root shell for easy debug and development, then forgetting to disable it in the release version.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    2. Re:This is simply mind-boggling. by Anonymous Coward · · Score: 2, Insightful

      A better way would be to require holding down e.g. "c" during boot to enable it. Automatically sending ALL keystrokes to the console is a bad idea, even for debugging.

  2. Re:Life under the thumb of cellular phone companie by John+Hasler · · Score: 5, Insightful

    Not when it reboots as a result of you including the reboot command into, to pick a random example, the text of a comment that you are posting to Slashdot.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Nah it'll never work by Colin+Smith · · Score: 2, Insightful

    shred won't be installed.

    cat /dev/urandom > /dev/hda is far more likely to work.

    HTH
     

    --
    Deleted
  4. Re:Open source, remember? fix already out by Halborr · · Score: 5, Insightful

    Ah, the beauty of FOSS.

  5. Re:True by i.of.the.storm · · Score: 2, Insightful

    Nah, this was definitely a bug. A root terminal always capturing input? Definitely debugging code left behind. That would be so easy to exploit it's ridiculous.

    --
    All your base are belong to Wii.
  6. Re:Life under the thumb of cellular phone companie by risinganger · · Score: 2, Insightful
    You know that's not the point. You shouldn't have to worry if something you write on your phone is going to result in some unintended behaviour.

    If that was the iPhone, Slashdot users would be going ballistic right now - and rightly so.

  7. Re:Open source, remember? fix already out by topham · · Score: 2, Insightful

    I am a programmer and I am entirely and absolutely dumb-struck by this revelation.

    That is absolutely the most asinine debug method I have ever heard and I am seriously wondering if it was an intentional backdoor.
    Never, Ever send random commands to a shell. Hell, we are talking a unix base, there are hundreds, if not thousands of 2 and 3 letter functions which do 'something' and a significant number of them are not harmless. I realize the phone is not likely to have all of them, but it will have a number of them. 'rm' being a good example.

  8. Re:Open source, remember? fix already out by i.of.the.storm · · Score: 2, Insightful

    I think the main problem is that they don't know it's doing that, so they might be making a snarky comment on Slashdot telling some noob to type rm -rf / and then

    --
    All your base are belong to Wii.
  9. Re:Confluence by Anonymous Coward · · Score: 1, Insightful

    I don't know what you're selling, but I'd like to buy it.

    Yours,
    The manager

  10. Re:Open source, remember? fix already out by fermion · · Score: 2, Insightful
    Unless the G1 is a hacker's toy, the fact that software is OSS and the bug is fixed in the source makes no difference. The code should have been written well in the first place. Google cannot apply its philosophy of infinite Beta programs, bad code hotfixed on the fly, and minimal emphasis of data retention because the G1 is a consumer device, not a server on the Google network. These phones are not on the Google networks, and not low risk items like Google Earth. In many cases phones are not toys and consumers expect them to be safe and secure.

    The real question is how quickly can Google or T-Mobile get the fixed code into a patch, and how easy it is for the user to install. Currently it appears to be a multistep process that is not accessible to the average user. Ideally, since the phone is not locked into any service other than T-Mobile, it would seem reasonable that T-Mobile would have the responsibility to send the update over the cell network to all users. Until this happens, the phone is not fixed. It appears that they intend to do this, but not until the middle of next week. Therefore, that is when the bug will be fixed. Whether the open source nature of the bug made this update quicker, is a question open for debate.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  11. Re:Open source, remember? fix already out by Anonymous Coward · · Score: 1, Insightful

    ... you probably won't see this sort of bug in the iPhone to begin with.