Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kindle Fire and Nook Upgrades Kill Root Access

Posted by Unknown on from the bug-fixes-are-nice dept.

jfruhlinger writes "The Kindle Fire and Barnes and Noble Nook tablets are similar enough and close enough together in price that they ought to be fighting market share and one-upping each other in terms of features they offer users. But the latest OS upgrades to both gadgets claims to be an 'upgrade' while actually taking functionality away: both remove the ability to root the device." A more balanced way of looking at it is that the updates fix known local privilege escalation vulnerabilities. This might be more of an issue for people wanting to hack on the Nook Tablet: its bootloader is confirmed locked, but reports lean toward the Kindle Fire having an unlocked bootloader letting anyone flash their own software without needing to gain root first.

11 of 275 comments (clear)

  1. Re:Good by SJHillman · · Score: 5, Insightful

    Sort of like being able to open the hood on your car is a security risk.

  2. Re:Neither advertise Android as a selling point by tepples · · Score: 4, Insightful
    Anonymous Coward wrote, in a slightly more inflammatory wording:

    Neither device [...] has access to the real android market.

    Maybe you should [...] go buy a real Android tablet...

    Which affordable, certified "real Android tablet" in the 7 to 8 inch range do you recommend instead of a Kindle Fire or Nook Tablet? Or are Kindle Fire and Nook Tablet like game consoles, sold at razor-thin margins or even at a loss to get people onto the manufacturer's store, and that's why they're so much cheaper than Google-certified devices?

  3. Re:Good by Anonymous Coward · · Score: 5, Insightful

    Yeah, seriously. When you have a security flaw that allows root privilege escalation you don't just decide not to fix that because the homebrewer's were using it as a convenient way to get access to the machine. If this was on an (open) desktop platform, such a flaw wouldn't really be tolerated for long.

    It's like when people are upset that an exploit in a game was fixed that people were using to win / get free stuf / etc, yet they don't get upset when a bug is fixed that was actually preventing them from completing a game.

  4. Re:Good by tepples · · Score: 4, Insightful

    Then let's roll with the analogy: why don't more Android devices have a legitimate hood release of sorts?

  5. Follow the money by MonsterTrimble · · Score: 4, Insightful
    First off, is anyone surprised? As a business, I'm making sure:
    1) That people don't try to return the product when they screw it up doing something that the product wasn't intended to do (and it costs me money)
    2) That I eliminate a potential attack vector for malware which would lead to decreased sales and increased returns (which costs me money)
    3) That people are locked into using my products (which makes me money)

    This is all about the money people. This isn't about trying to screw over the 0.1% of people who buy the tablet - It's about maximizing the profits. And let's be realistic here - they will be recracked in short order.

    --
    I call it 'The Aristocrats'
    1. Re:Follow the money by betterunixthanunix · · Score: 4, Insightful

      That people don't try to return the product when they screw it up doing something that the product wasn't intended to do

      It is a computer, not a hammer. Since when do we declare that a computer is "not intended" to do something in software? If people were complaining that their Nook could not solve the Post correspondence problem, you would have a point.

      --
      Palm trees and 8
  6. Re:Good by betterunixthanunix · · Score: 5, Insightful

    If this was on an (open) desktop platform, such a flaw wouldn't really be tolerated for long.

    Which is why the user should simply be given root access to begin with. Instead of having to use privilege escalation attacks, users should just be able to hit a button or flip a switch to enable root access for themselves. Quick, easy, and perhaps voiding the warranty (but I think anyone who wants root access is willing to have no warranty).

    Why is this so hard?

    --
    Palm trees and 8
  7. Re:Good by mlts · · Score: 4, Insightful

    Bingo. One can just look at the Nexus line of devices and the "fastboot oem unlock" command and the warning given as the right way to go about doing this. This is enough of a hurdle to keep Joe Sixpack from doing it so he can see the dancing bunnies, but allows people who are willing to trash their device (and not bother calling hardware support) to do what they feel free to.

  8. Re:Good by Andy+Dodd · · Score: 4, Insightful

    Actually, a privilege escalation exploit IS a security risk.

    The unlocked bootloader means that on the Fire, this is at most a small speedbump in the process of modifying a device. However this prevents malware from gaining privilege escalation. (Most of the easiest Android rooting techniques like psneuter and rageagainstthecage relied on exploits that could and WERE also used by malware such as Droid Dream.)

    --
    retrorocket.o not found, launch anyway?
  9. Re:Good by nedlohs · · Score: 4, Insightful

    That's the point.

    That isn't what was removed. What was removed was a security flaw that let a non-root app running on the device get root priveledges.

  10. Re:Good by Moryath · · Score: 5, Insightful

    And yet if the car companies removed your hood release and required a special key or tool only available at the dealerships, you'd be screaming bloody murder and so would the mechanic's unions with good reason - in fact, several times there were class action lawsuits against GM, Ford, and Toyota due to their refusal to sell the appropriate adapters and codebooks necessary to troubleshoot or reset "check engine lights" and computer warnings to the 3rd-party mechanic shops.

    Imagine if the car companies wanted to take away your RIGHT to have your car fitted out with a turbocharger, or an aftermarket performance chip, or a better flywheel, or any number of other changes.

    Now why is it that people don't scream bloody murder when they have a computing device in their hand, personal property they purchase, and they're told "but you don't have admin rights to change anything so there"???