Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploitable Backhole Accidentally Left In Some MediaTek-based Phones (ndtv.com)

Posted by timothy on from the so-no-using-the-phone-ever dept.

Lirodon writes: MediaTek has confirmed findings by security researcher Justin Case, who discovered that some devices running Android KitKat on MediaTek processors (often used in lower-cost devices) had a debug function, meant to be removed on production devices, accidentally left in by their manufacturer. This hole could be used to trivially gain root access, among other possibilities.

79 comments

  1. Backhole? by Anonymous Coward · · Score: 5, Funny

    Did you mean backdoor? Black hole?

    1. Re: Backhole? by Anonymous Coward · · Score: 2, Funny

      The LHC must be involved...

    2. Re:Backhole? by Anonymous Coward · · Score: 3, Insightful

      Did you mean backdoor? Black hole?

      Oh god, this one's going to bring the goatse out.

    3. Re:Backhole? by __aaclcg7560 · · Score: 0

      Uranus

    4. Re:Backhole? by Anonymous Coward · · Score: 0

      Tried clicking through to see what they meant... but the linked story is about something completely different.

    5. Re:Backhole? by Anonymous Coward · · Score: 0

      Your mom?

    6. Re:Backhole? by Anonymous Coward · · Score: 1

      Blame GOD, he has put an exploitable backhole into all humans.

    7. Re:Backhole? by Anonymous Coward · · Score: 0

      Terrible editing.

      Perhaps intentional.

    8. Re:Backhole? by Anonymous Coward · · Score: 0

      Imagine if you put it in your back pocket!

    9. Re:Backhole? by Mr+D+from+63 · · Score: 1

      or Black Door?

    10. Re:Backhole? by Pseudonymous+Powers · · Score: 1

      It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor):

      Probably whoever came up with "backhole" didn't want to use "backdoor" because they felt that, since doors aren't naturally occurring, describing this security vulnerability as a "door" means that it must have been put there intentionally. Whereas, in fact (as near as I can tell), this vulnerability is due to a software error, albeit seemingly an failure of release management rather than programming per se. Thus, "hole" instead of "door".

      That said, I'd like to leave our distinguished editor Timothy with this thought:

      "Stop trying to make backhole happen! It's never going to happen!"

    11. Re:Backhole? by Anonymous Coward · · Score: 0

      Clearly Timothy is a backhole lover...

    12. Re:Backhole? by parkinglot777 · · Score: 1

      Not only terrible editing, the link itself in TFA is about something else (something about television recoding technology)...

    13. Re:Backhole? by arth1 · · Score: 1

      Tried clicking through to see what they meant... but the linked story is about something completely different.

      You tried to RTFA? You must be new here.

    14. Re:Backhole? by quenda · · Score: 1

      I thought they meant something far more dangerous - the backhoe. The ultimate denial-of-service tool.
      Remember a few years ago some woman in Georgia took a whole country off the internet?

      http://it.slashdot.org/story/0...
      http://www.theguardian.com/wor...

    15. Re:Backhole? by blazer1024 · · Score: 1

      My opinion is, if a hole suddenly occurred in the back side of your house/apartment, and people started using it as a way in or out, it would actually make sense to call it the backdoor instead of the backhole. Also, backhole sounds dirty.

    16. Re:Backhole? by Anonymous Coward · · Score: 0

      Must admit i read it as "explodable black hole".

    17. Re:Backhole? by Dragonslicer · · Score: 1

      I'm glad they finally changed the planet's name in order to end that stupid joke once and for all.

    18. Re:Backhole? by dsmatthews9379 · · Score: 1

      I think he was thinking "boyishly", http://www.wolframalpha.com/in...

      If you know what I mean....

    19. Re:Backhole? by EEPROMS · · Score: 1

      a blackhole is very similar to a backdoor just there is more gravity to fix it.

    20. Re:Backhole? by RockDoctor · · Score: 1
      When did they do that?

      And the joke has only worked amongst people with no knowledge of Greek. No - not "Greek" in the sense of participating in anal sex (like "English" or "French"), but Greek in the sense of reading or writing at least some of the language.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    21. Re:Backhole? by Dragonslicer · · Score: 1

      When did they do that?

      In 2620.

  2. Accidentally by Anonymous Coward · · Score: 0

    "Accidentally". Hehehehe.

  3. Uh huh. An "accident". by Anonymous Coward · · Score: 1, Insightful

    "Accidentally" at the behest of a nation-state actor. The only real accident was it being discovered. Just like the backdoors in Screen OS, etc.

    1. Re:Uh huh. An "accident". by Anonymous Coward · · Score: 0

      "Accidentally" at the behest of a nation-state actor. The only real accident was it being discovered. Just like the backdoors in Screen OS, etc.

      You appear to be confused. This is about a Back HOLE, not a back DOOR.

  4. Backhole? by ltcraben · · Score: 5, Informative

    It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor): http://androidcommunity.com/se...

    --
    I had a sig once, but someone stole it.
  5. Backhole? Are the editors even trying? by Anonymous Coward · · Score: 1

    Backhole?

    Are you kidding me?
    Are the editors even trying?

    1. Re:Backhole? Are the editors even trying? by Anonymous Coward · · Score: 1

      I kind of like Backhole better. Better represents the feeling you get when someone uses it against you.

    2. Re:Backhole? Are the editors even trying? by Anonymous Coward · · Score: 0

      I kind of like Backhole better. Better represents the feeling you get when someone uses it against you.

      I guess the other option is "Blackdoor", which isn't so bad either. Can compare and contrast with "Whitedoor" and "Greydoor".

    3. Re:Backhole? Are the editors even trying? by EmeraldBot · · Score: 1

      Backhole?

      Are you kidding me? Are the editors even trying?

      I thought it was a brilliant improvisation, much more accurate how the whole relationship works. Maybe then our general population will finally care if we call them backholes, eh?

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    4. Re:Backhole? Are the editors even trying? by AmiMoJo · · Score: 1

      Trying to start a meme perhaps.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Backhole? Are the editors even trying? by arth1 · · Score: 1

      Are the editors even trying?

      Are the editors even plural?

    6. Re:Backhole? Are the editors even trying? by Dragonslicer · · Score: 1

      Are the editors even plural?

      Well, in English, "zero" usually uses the plural form for nouns and verbs.

  6. Nice system by jones_supa · · Score: 1

    Quite professional Japanese video production setup they have in that link. *sips coffee*

    1. Re:Nice system by ArchieBunker · · Score: 1

      Near as I can tell it has something to do with 8K video. Glad to see the new owners keeping up the tradition of not checking any submissions for spelling/grammar/content/errors.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Nice system by gstoddart · · Score: 2

      LOL, I let Chrome translate it for me, and I got this:

      From the date of the ultra-popular program "Emi-ten" of Nippon TV.
      But Korakuen Hall of the day, it had been wrapped in from usual little different atmosphere.
      Mumu~tsu, number of cameras is 3 units often! It big also strangely in Takeshi bone!
      Profusely many people! It is not a even if field technician you look, it's bossy It's beautiful.

      Which tells me letting Chrome translate stuff from Japanese is a terrible idea.

      --
      Lost at C:>. Found at C.
    3. Re:Nice system by ArchieBunker · · Score: 1

      Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:Nice system by Gr8Apes · · Score: 5, Insightful

      Because they haven't progressed to contextual translation yet, which includes phrases and grammar structure translation. Any multi-lingual person will be able to tell you that they do not translate word for word, they need the full phrase or more to go from language a to b, especially if those languages have varying grammatical structures and rules governing things like adverb and adjective placement. Also note that phrases like "top of the morning to you" should be translated to an appropriate (morning) greeting and not some nonsensical word for word replacement scheme.

      --
      The cesspool just got a check and balance.
    5. Re:Nice system by EmeraldBot · · Score: 1

      Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

      Because asian languages don't map well to English to begin with. Japanese at least uses far fewer words with very many potential meanings, and it's great for humans since we know the context. But if I told you to turn "cloud go here strength west", you'd struggle quite a bit to not add extra detail the author never said and still make a fluid sentence. Magnify by that a hundred fold because a machine doesn't even have basic intuition, and I'm actually suprised by how it sort results in somewhst readahle sentences, sometimes.

      That being said, I'm surprised by the poor quality of German. English and German are even in the same family linguistically speaking... Germany's not a very sexy language, but still, I'd have figured it might be an easy lower hanging fruit. I guess maybe we are at the limits technologically speaking then, here's hoping in 10 years we're further along.

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    6. Re:Nice system by gstoddart · · Score: 2

      English and German are even in the same family linguistically speaking

      In some ways yes, but apparently in some ways no.

      Years ago a friend was taking German classes, and apparently it has subject/verb stuff which can be at the end of sentences.

      So one example of how it fell apart was a place in which the speaker went on for a long time, and the translator just stopped ... because without knowing what was at the end of the long-winded sentence it was impossible know what to say next. It was a lot of stuff which couldn't be translated into English until it was all done -- and it took a VERY long time for that speaker to be done.

      I got the impression that are still enough structural differences that it's more than a little challenging for skilled humans to do it.

      So, if translating in real time can be near impossible, then I assume it's still damned easy for static translations to get mired down into stuff it can't handle well.

      --
      Lost at C:>. Found at C.
    7. Re:Nice system by Anonymous Coward · · Score: 1

      That being said, I'm surprised by the poor quality of German. English and German are even in the same family linguistically speaking...

      They might be in the same language family, but that is because they have the same primary root language. In the case of English, there was the initial celtic language, similar to Welsh, that would have had some parts assimilated into the versions of Saxon & Angle that merged into the pre-Norman tongue. Then there were the Normans, speaking French, a derivative of Latin with some input from ancient Gaulish, another celtic language. They also influenced the development of English, both it's lexicon and probably its grammar. It will also have been influenced by Irish, Scottish Gaelic, Welsh, Cornish, and even Indian. Languages don't just change in isolation, they also change with human migration and intermingling of cultures.

    8. Re:Nice system by AmiMoJo · · Score: 1

      I posted that link in a story about the first 8k studio recordings of TV shows. I have no idea how it got into this story. I hope they still post my 8k story though, even if TFA is in Japanese.

      Yeah, machine translation sucks.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Nice system by Anonymous Coward · · Score: 0

      One of the big challenges in translating from German is the prevalence of compound words whose meanings vary by context, and which often don't match the base words' definitions at all. We use our fair share of compound words in English, but their meanings are typically evident. For example combining "light," a source of brightness, plus "house," a domicile where you take shelter, gives us "lighthouse," a structure that protects a source of brightness. Makes sense, right? Most (obviously not all) English compound words can be easily reverse-engineered, so to speak.

      In German, you have many thousands of examples which aren't nearly so clear. Consider "Fingerspitzen," the tips of your fingers, plus "Gefuhl," feeling, which gives us "Fingerspitzengefuhl," an innate and heightened sense of situational awareness. This makes a bit of sense in an abstract way that a human can understand once it's explained: "fingertip feeling" is a short way to express "I can feel it in my fingertips," which can then be interpreted as "I'm completely in touch with my surroundings." It's currently very difficult for a machine to extract the meaning from the context from the metaphor from the compound word, though - and German is just full of these words.

  7. Backhole? by duke_cheetah2003 · · Score: 2

    Makes it sound like the device has an anus! I don't want that in my pocket!

  8. Link? by Anonymous Coward · · Score: 0

    Link to an article about 8k tv cameras?

  9. No way! by truck_soccer · · Score: 1

    An exploitable back hole?! Why don't we start sending probes into it and find out where it goes?

  10. ATTN: BIZX OVERLORDS by slashdice · · Score: 5, Funny

    I figure you guys have no idea what slashdot is about. Let me give you a brief history:

    2.5 million B.C.: OOG the Open Source Caveman develops the axe and releases it under the GPL. The axe quickly gains popularity as a means of crushing moderators' heads.

    100,000 B.C.: Man domesticates the AIBO.

    10,000 B.C.: Civilization begins when early farmers first learn to cultivate hot grits.

    3000 B.C.: Sumerians develop a primitive cuneiform perl script.

    2920 B.C.: A legendary flood sweeps Slashdot, filling up a Borland / Inprise story with hundreds of offtopic posts.

    1750 B.C.: Hammurabi, a Mesopotamian king, codifies the first EULA.

    490 B.C.: Greek city-states unite to defeat the Persians. ESR triumphantly proclaims that the Greeks "get it".

    399 B.C.: Socrates is convicted of impiety. Despite the efforts of freesocrates.com, he is forced to kill himself by drinking hemlock.

    336 B.C.: Fat-Time Charlie becomes King of Macedonia and conquers Persia.

    4 B.C.: Following the Star (as in hot young actress) of Bethelem, wise men travel from far away to troll for baby Jesus.

    A.D. 476: The Roman Empire BSODs.

    A.D. 610: The Glorious MEEPT!! founds Islam after receiving a revelation from God. Following his disappearance from Slashdot in 632, a succession dispute results in the emergence of two troll factions: the Pythonni and the Perliites.

    A.D. 800: Charlemagne conquers nearly all of Germany, only to be acquired by andover.net.

    A.D. 874: Linus the Red discovers Iceland.

    A.D. 1000: The epic of the Beowulf Cluster is written down. It is the first English epic poem.

    A.D. 1095: Pope Bruce II calls for a crusade against the Turks when it is revealed they are violating the GPL. Later investigation reveals that Pope Bruce II had not yet contacted the Turks before calling for the crusade.

    A.D. 1215: Bowing to pressure to open-source the British government, King John signs the Magna Carta, limiting the British monarchy's power. ESR triumphantly proclaims that the British monarchy "gets it".

    A.D. 1348: The ILOVEYOU virus kills over half the population of Europe. (The other half was not using Outlook.)

    A.D. 1420: Johann Gutenberg invents the printing press. He is immediately sued by monks claiming that the technology will promote the copying of hand-transcribed books, thus violating the church's intellectual property.

    A.D. 1429: Natalie Portman of Arc gathers an army of Slashdot trolls to do battle with the moderators. She is eventually tried as a heretic and stoned (as in petrified).

    A.D. 1478: The Catholic Church partners with doubleclick.net to launch the Spanish Inquisition.

    A.D. 1492: Christopher Columbus arrives in what he believes to be "India", but which RMS informs him is actually "GNU/India".

    A.D. 1508-12: Michaelengelo attempts to paint the Sistine Chapel ceiling with ASCII art, only to have his plan thwarted by the "Lameness Filter."

    A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).

    A.D. 1553: "Bloody" Mary ascends the throne of England and begins an infamous crusade against Protestants. ESR eats his words.

    A.D. 1588: The "IF I EVER MEET YOU, I WILL KICK YOUR ASS" guy meets the Spanish Armada.

    A.D. 1603: Tokugawa Ieyasu unites the feuding pancake-eating ninjas of Japan.

    A.D. 1611: Mattel adds Galileo Galilei to its CyberPatrol block list for proposing that the Earth revolves around the sun.

    A.D. 1688: In the so-called "Glorious Revolution", King James II is bloodlessly forced out of power and flees to France. ESR again triumphantly proclaims that the British monarchy "gets it".

    A.D. 1692: Anti-GIF hysteria in the New World comes to a head in the infamous "Salem GIF Trials", in which 20 alleged GIFs are burned at the stake. Later investigation reveals that mayn of the supposed GIFs were actually PNGs.

    A.D. 1769: James Watt pate

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
    1. Re: ATTN: BIZX OVERLORDS by Anonymous Coward · · Score: 0

      I don't "get it".

    2. Re: ATTN: BIZX OVERLORDS by Anonymous Coward · · Score: 0

      Go to hell, Lockwood.

    3. Re: ATTN: BIZX OVERLORDS by Anonymous Coward · · Score: 0

      I don't "get it".

      It's an older meme, AC, but it checks out:

      http://science.slashdot.org/comments.pl?sid=5645&cid=1051555 was posted by Yu Suzuki (170586) on Tuesday May 23, 2000 @04:27PM (#1051555) Homepage

      Dear BizX: You are now in posession of one of the longest-running archives of the Internet's cultural history. You never know when something from 15 years ago may suddenly become relevant. This is why the continued maintenance and accessibility of Slashdot's archive is important.

      (And thank you, slashdice GP, for the walk down memory lane.)

    4. Re:ATTN: BIZX OVERLORDS by DeathSquid · · Score: 1

      When will people learn their history correctly? Armstrong's actual words were "FRIST MOONWALK!!!".

  11. This is why TRUMP in 2016 makes sense! by Anonymous Coward · · Score: 0

    Keep those Chinese craps out of this country!

    1. Re:This is why TRUMP in 2016 makes sense! by Anonymous Coward · · Score: 1

      Fascism never makes sense. If just seems like a good idea to unskilled members of the majority culture and race who feel entitled to a free ride at the expense of others. If something only appeals to disgruntled losers, who could not learn and keep up with civilization, it does not make sense.

  12. What kind of parents..... by wkwilley2 · · Score: 2, Funny

    Justin Case, we should patch it anyway.

    --
    Have you ever fallen asleep at the keybhanusdiog?
  13. You forgot the quotes by Anonymous Coward · · Score: 0

    Exploitable Backhole "Accidentally" Left In Some MediaTek-based Phones.

    And I think you meant backdoor.

  14. backhole-blackhole by Anonymous Coward · · Score: 0

    Am I the only one who initial read this as blackhole, Petty dangerous stuff.

    1. Re:backhole-blackhole by Tablizer · · Score: 1

      Being Monday, I made the same reading mistake at first, thinking, "Wow, hackers got some powerful tools. Darth Vader would be proud."

      --
      Table-ized A.I.
  15. Cause of the big bang by Anonymous Coward · · Score: 0

    No wait, that was an exploitable b(l)ackhole.

  16. To get to the gist of it by jones_supa · · Score: 2

    What devices are affected?

    Is this something actually dangerous, or something that only a security researcher can exploit in theoretical conditions?

    1. Re:To get to the gist of it by Anonymous Coward · · Score: 0

      "This hole could be used to trivially gain root access,"
      As someone who has failed miserably to root my current phone, where can I get one of these?

    2. Re:To get to the gist of it by Anonymous Coward · · Score: 0

      you can easily root your phone.

      the carriers don't like that. not one bit.

      so it's bad. be outraged.

    3. Re:To get to the gist of it by jones_supa · · Score: 1

      Yeah, but couldn't an userspace app also use it to gain root access and do weird shit?

    4. Re: To get to the gist of it by Anonymous Coward · · Score: 0

      Probably Geekbuying.com

  17. Re:mod do38 by Anonymous Coward · · Score: 0

    Mod parent up, brilliant picture of backhole.

  18. Exploitable Black Hole !!!!! by Anonymous Coward · · Score: 0

    Finally faster than light communication, time travel etc....

  19. Justin Case? by BronsCon · · Score: 2

    Really? Justin Case? If that's not a clearly fake name, I don't know what is. And a link to a completely unrelated non-english article? Whoever the hell submitted this spam should never be allowed to submit again and whoever posted it should be fired.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    1. Re:Justin Case? by Anonymous Coward · · Score: 0

      Obviously its a fake name, I made it up as a joke. Many journalists dont realize it. For reference to my real name, http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/

      As far as the linked article, no idea haven't read it, or any article on the mediatek backdoor i found.

    2. Re:Justin Case? by BronsCon · · Score: 1

      Here's a hint, while you're getting all defensive: The article linked has nothing to do with any backdoor in anything. If you'd given it a quick click you'd have seen that and not bothered replying.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  20. this headline by Anonymous Coward · · Score: 0

    makes me uncomfortable

  21. It's an alias by Andy+Dodd · · Score: 1

    I know the guy. Justin Case is NOT his real name. (I don't know what it is, I remember seeing him acknowledged by his real name once but I forget what it is, but I do know that it's not his real name - but many people think it is.)

    --
    retrorocket.o not found, launch anyway?
    1. Re:It's an alias by wkwilley2 · · Score: 1

      That's believable.

      I actually know a family, last name Case. (unrelated)

      And the mother of this family sometimes jokingly states that she almost named her son Justin.

      --
      Have you ever fallen asleep at the keybhanusdiog?
  22. Justin Case? by Locke2005 · · Score: 1

    Please tell me "Justin Case" is a pseudonym and not someone's real name!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  23. Backhole or Backhoe? by Idarubicin · · Score: 1

    I have to admit that when I first read the headline, my mind processed it as

    Exploitable Backhoe Accidentally...

    I figured that some nitwit had decided that large construction machinery needed to be part of the Internet of Things, and that the expected outcome had come to pass.

    --
    ~Idarubicin
    1. Re:Backhole or Backhoe? by KGIII · · Score: 1

      I actually had to read it twice. I was really confused.

      --
      "So long and thanks for all the fish."
  24. Romulan warship phones? by Anonymous Coward · · Score: 0

    Read that as Blackhole. Thought - singularities driving a phone? And exploitable too. That's neat tech. Oh - wait. Nope.