Bug In Android Passes Keystrokes To Root Shell
pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"
Bingo - You won't see this sort of turnaround time for a fix for the iPhone.
And this is why FOSS is a champion to me - the community fixes the issue and everyone else can check the fix to make sure it's not malicious.
Hah, was it a short turnaround because it was an extremely nasty bug, or because the fix was only a few lines in an rc file? Oh no, surely it's because of the 'community'.
The community is responsible for testing cellphone software? WHERE? The community has any involvement with deploying software updates to cellphones? WHEN THE FUCK DID THAT HAPPEN?
And this is why all gov't entities in the USA should use FOSS. The people/community as a whole can do a better job of keeping the government secure than corporations can.
Everything you typed was unknowingly redirected to a root shell, and you have the BALLS to say that this took the community at large to detect and correct the issue, therefore the government should use FOSS. Sorry, the free in FOSS doesn't have anything to do with preventing or correcting bugs, and a bug like this screams why the fuck didn't the 'community' QA/test process detect it before shipping? If fewer bugs like this appeared in open software, MAYBE you'd have a leg to stand on, but no, this was a shipping product, and one fugly ass bug. You can't blame open source for the bug, and you sure as shit can't give it extra credit for the fix.
I'm sick and fucking tired of Kool-Aid drinking, rosy glasses wearing assholes that attribute all this bullshit to open source. Open software is good for a tremendous number of things, but when the community code review process misses a bug THIS fucking huge, how can you possibly give FOSS credit? It had absolutely nothing to do with delivering the fix, everything to do with finding it, and you know full well a bug of this nature should have been caught in any standard QA process. This is not an "only a giant army of warrior geeks armed with source could have spotted it" bug, though those DO exist. They shipped with a big ol' chunk of debugging code enabled.
Android QA team: F-
Community process: failure to appear