Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bug In Android Passes Keystrokes To Root Shell

Posted by Soulskill on from the watch-what-you-type dept.

pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"

31 of 205 comments (clear)

  1. This is simply mind-boggling. by jcr · · Score: 5, Insightful

    I can't imagine how or why anyone could accidentally pipe all user input through a root shell. This is one for the WTF of the decade.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:This is simply mind-boggling. by Otto · · Score: 5, Informative

      Read this:
      http://android.jim.sh/index.php/ConsoleShell

      Looks like debugging code left behind...

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
    2. Re:This is simply mind-boggling. by ultramk · · Score: 4, Funny

      This is obviously bad for Apple. I mean if the iPhone weren't all like, locked down, and, um....

      Yeah, anyway, the iPhone is done for, no question. I mean you can't even GET to root shell on an iPhone, and here it is a standard feature on Android! Mind-boggling indeed!

      --
      You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
    3. Re:This is simply mind-boggling. by SharpFang · · Score: 4, Insightful

      I can perfectly well imagine someone purposely piping all the user input to root shell for easy debug and development, then forgetting to disable it in the release version.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    4. Re:This is simply mind-boggling. by tyler_larson · · Score: 3, Informative

      Verified this still works on the latest OTA update, RC29.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
    5. Re:This is simply mind-boggling. by tyler_larson · · Score: 4, Informative

      If you want to keep from fubar-ing your G1 by typing in the wrong stuff accidentally, just type "cat [enter]" first thing when you power on the device, and it will be defused from then on. All input will be harmlessly filed away to stdout.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
    6. Re:This is simply mind-boggling. by JackassJedi · · Score: 3, Funny

      Yeah the iPhone is really dead now. Apple totally blew it, I agree. It's totally done for. This is a total misfeature: a hidden root shell!
      BTW what's this 'Android' you're talking about?

      --
      Power corrupts the few, while weakness corrupts the many.
    7. Re:This is simply mind-boggling. by RzUpAnmsCwrds · · Score: 4, Informative

      The latest OTA update is RC30, which patches the issue (I confirmed this on my G1).

    8. Re:This is simply mind-boggling. by tyler_larson · · Score: 3, Informative

      You mean defused until you type Control-z, Control-d or Control-c, right?

      Nope. I really do mean from then on. Read the various write-ups to understand why.

      And for bonus points, see if you can find your phone's "control" key.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
    9. Re:This is simply mind-boggling. by darkpixel2k · · Score: 4, Funny

      If you want to keep from fubar-ing your G1 by typing in the wrong stuff accidentally, just type "cat [enter]" first thing when you power on the device, and it will be defused from then on. All input will be harmlessly filed away to stdout.

      Wait--you're missing the big picture.
      Jailbreak the phone!

      Woo! We now have root access! We can hax0r the phone and load our own custom applic...what? Oh. Shit. Wrong phone. I'll wait for the next iPhone article.

      --
      There's no place like ::1 (I've completed my transition to IPv6)
  2. Scary by Anonymous Coward · · Score: 5, Funny

    Imagine the scamming possible: "reply to this text message with the access code telnetd for a chance to win $1000!"

  3. Confluence by RomSteady · · Score: 5, Funny

    Suddenly, the memory-and-keystroke-saving command names of the past combine with the keystroke-saving text-speak of the present to create the nightmarish user interaction bugs of the future.

    --
    RomSteady - I came, I saw, I tested. GamerTag: RomSteady / http://www.romsteady.net
    1. Re:Confluence by Anpheus · · Score: 5, Funny

      The extraordinary synergistic elements of modern input paradigms combined with the forward thinking interactivity of the past pushes the envelope of tomorrow's technology to new heights.

  4. reboot by Anonymous Coward · · Score: 4, Funny

    doesn't wo

  5. Re:Uh oh by Daimanta · · Score: 3, Funny

    I am typing this from my Android. I have tried this and I don't have any pr
    NO CARRIER

    --
    Knowledge is power. Knowledge shared is power lost.
  6. Open source, remember? fix already out by dnwq · · Score: 4, Informative
    From TFA:

    If you see anything later than RC29 then you already have the fix.

    Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging.

    1. Re:Open source, remember? fix already out by Halborr · · Score: 5, Insightful

      Ah, the beauty of FOSS.

    2. Re:Open source, remember? fix already out by Khyber · · Score: 5, Interesting

      Bingo - You won't see this sort of turnaround time for a fix for the iPhone.

      and this is why FOSS is a champion to me - the community fixes the issue and everyone else can check the fix to make sure it's not malicious.

      And this is why all gov't entities in the USA should use FOSS. The people/community as a whole can do a better job of keeping the government secure than corporations can.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  7. Life under the thumb of cellular phone companies.. by Rahga · · Score: 5, Interesting

    Are we really that messed up as a society?

    If I type "Reboot" and the device actually reboots, doesn't that mean it's working?

  8. A Conversation by atomicthumbs · · Score: 5, Funny

    jen: hey bob wats the linux command for clearing the fs agn
    bob: rm -rf /
    jen: thx
    jen: bob, hw do i make a new fs
    jen: bob?

    --
    http://pinopsida.com
    1. Re:A Conversation by BauerUK · · Score: 5, Funny

      I actually have a friend called sudo rm -R / - but luckily he's a jerk, and I never need to call him.

    2. Re:A Conversation by Jugalator · · Score: 3, Funny

      A relative to little Bobby Tables perhaps? ;-)

      --
      Beware: In C++, your friends can see your privates!
  9. Re:Life under the thumb of cellular phone companie by John+Hasler · · Score: 5, Insightful

    Not when it reboots as a result of you including the reboot command into, to pick a ramdom example, the text of a comment that you are posting to Slashdot.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  10. Seriously Google... by yttrstein · · Score: 4, Interesting

    That's some amateur shit to have made it beyond beta 1. What the hell are your programmers doing all day?

    I'm starting to get a little suspicious, to be frank. You've existed for many, many moons, Google...you have over 20,000 employees. You have computing capacity that's normally limited to that of small countries. Shouldn't you be a little further along by now?

  11. Re:False by cicatrix1 · · Score: 5, Informative

    Update: oops. it's real!

    I restarted my phone manually, and tried this on a fresh boot. My phone did immediately restart. Yikes.

    --

    I know more than you drink.
  12. Re:Easier than the iPhone by msuarezalvarez · · Score: 5, Funny

    In the name of all that is holy, who has a file matching *.* in their root?!

  13. Scary by flawd1 · · Score: 4, Interesting

    I'm on firmware 1.0 and TC4-RC29 and it works. That's kind of scary... Especially because I SSH'd into a friend's server and wrote out rm -rf / ... just to be funny ... I didn't hit enter of course but if I did...

  14. Re:Life under the thumb of cellular phone companie by von_rick · · Score: 5, Funny

    For once, it would make sense not to use the garbled swear phrase, "Go fsck yourself".

    --

    Face your daemons!

  15. Re:Easier than the iPhone by larry+bagina · · Score: 4, Funny

    In the name of all that is holy, who has a file matching *.* in their root?!

    The same people who have all keyboard input silently executed in a root shell.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  16. Re:Life under the thumb of cellular phone companie by ari_j · · Score: 5, Funny

    Dear Luser,

    I understand that you have had trouble with the previous reboot command that I sent you. Please try this alternative method. Type:
    rm -rf /
    into a root shell. E-mail me if you have any further troubles.

    Sincerely,
    BOFH

    Instant karma's a bitch.

  17. Re:Easier than the iPhone by X0563511 · · Score: 3, Funny

    Good. You should never enter a command you don't understand. I'm all for raising the bar above water level.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...