Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bug In Android Passes Keystrokes To Root Shell

Posted by Soulskill on Saturday November 8, 2008 @06:18AM from the watch-what-you-type dept.

pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"

3 of 205 comments (clear)

Min score:

Reason:

Sort:

This is simply mind-boggling. by jcr · 2008-11-08 06:22 · Score: 5, Insightful

I can't imagine how or why anyone could accidentally pipe all user input through a root shell. This is one for the WTF of the decade.
-jcr

--
The only title of honor that a tyrant can grant is "Enemy of the State."
Re:Life under the thumb of cellular phone companie by John+Hasler · 2008-11-08 06:34 · Score: 5, Insightful

Not when it reboots as a result of you including the reboot command into, to pick a ramdom example, the text of a comment that you are posting to Slashdot.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Open source, remember? fix already out by Halborr · 2008-11-08 06:56 · Score: 5, Insightful

Ah, the beauty of FOSS.