Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploitable Backhole Accidentally Left In Some MediaTek-based Phones (ndtv.com)

Posted by timothy on from the so-no-using-the-phone-ever dept.

Lirodon writes: MediaTek has confirmed findings by security researcher Justin Case, who discovered that some devices running Android KitKat on MediaTek processors (often used in lower-cost devices) had a debug function, meant to be removed on production devices, accidentally left in by their manufacturer. This hole could be used to trivially gain root access, among other possibilities.

48 of 79 comments (clear)

  1. Backhole? by Anonymous Coward · · Score: 5, Funny

    Did you mean backdoor? Black hole?

    1. Re: Backhole? by Anonymous Coward · · Score: 2, Funny

      The LHC must be involved...

    2. Re:Backhole? by Anonymous Coward · · Score: 3, Insightful

      Did you mean backdoor? Black hole?

      Oh god, this one's going to bring the goatse out.

    3. Re:Backhole? by Anonymous Coward · · Score: 1

      Blame GOD, he has put an exploitable backhole into all humans.

    4. Re:Backhole? by Mr+D+from+63 · · Score: 1

      or Black Door?

    5. Re:Backhole? by Pseudonymous+Powers · · Score: 1

      It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor):

      Probably whoever came up with "backhole" didn't want to use "backdoor" because they felt that, since doors aren't naturally occurring, describing this security vulnerability as a "door" means that it must have been put there intentionally. Whereas, in fact (as near as I can tell), this vulnerability is due to a software error, albeit seemingly an failure of release management rather than programming per se. Thus, "hole" instead of "door".

      That said, I'd like to leave our distinguished editor Timothy with this thought:

      "Stop trying to make backhole happen! It's never going to happen!"

    6. Re:Backhole? by parkinglot777 · · Score: 1

      Not only terrible editing, the link itself in TFA is about something else (something about television recoding technology)...

    7. Re:Backhole? by arth1 · · Score: 1

      Tried clicking through to see what they meant... but the linked story is about something completely different.

      You tried to RTFA? You must be new here.

    8. Re:Backhole? by quenda · · Score: 1

      I thought they meant something far more dangerous - the backhoe. The ultimate denial-of-service tool.
      Remember a few years ago some woman in Georgia took a whole country off the internet?

      http://it.slashdot.org/story/0...
      http://www.theguardian.com/wor...

    9. Re:Backhole? by blazer1024 · · Score: 1

      My opinion is, if a hole suddenly occurred in the back side of your house/apartment, and people started using it as a way in or out, it would actually make sense to call it the backdoor instead of the backhole. Also, backhole sounds dirty.

    10. Re:Backhole? by Dragonslicer · · Score: 1

      I'm glad they finally changed the planet's name in order to end that stupid joke once and for all.

    11. Re:Backhole? by dsmatthews9379 · · Score: 1

      I think he was thinking "boyishly", http://www.wolframalpha.com/in...

      If you know what I mean....

    12. Re:Backhole? by EEPROMS · · Score: 1

      a blackhole is very similar to a backdoor just there is more gravity to fix it.

    13. Re:Backhole? by RockDoctor · · Score: 1
      When did they do that?

      And the joke has only worked amongst people with no knowledge of Greek. No - not "Greek" in the sense of participating in anal sex (like "English" or "French"), but Greek in the sense of reading or writing at least some of the language.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    14. Re:Backhole? by Dragonslicer · · Score: 1

      When did they do that?

      In 2620.

  2. Uh huh. An "accident". by Anonymous Coward · · Score: 1, Insightful

    "Accidentally" at the behest of a nation-state actor. The only real accident was it being discovered. Just like the backdoors in Screen OS, etc.

  3. Backhole? by ltcraben · · Score: 5, Informative

    It's called a "backdoor" and here is a link to more information (the link posted in the summary has nothing to do with the backdoor): http://androidcommunity.com/se...

    --
    I had a sig once, but someone stole it.
  4. Backhole? Are the editors even trying? by Anonymous Coward · · Score: 1

    Backhole?

    Are you kidding me?
    Are the editors even trying?

    1. Re:Backhole? Are the editors even trying? by Anonymous Coward · · Score: 1

      I kind of like Backhole better. Better represents the feeling you get when someone uses it against you.

    2. Re:Backhole? Are the editors even trying? by EmeraldBot · · Score: 1

      Backhole?

      Are you kidding me? Are the editors even trying?

      I thought it was a brilliant improvisation, much more accurate how the whole relationship works. Maybe then our general population will finally care if we call them backholes, eh?

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    3. Re:Backhole? Are the editors even trying? by AmiMoJo · · Score: 1

      Trying to start a meme perhaps.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Backhole? Are the editors even trying? by arth1 · · Score: 1

      Are the editors even trying?

      Are the editors even plural?

    5. Re:Backhole? Are the editors even trying? by Dragonslicer · · Score: 1

      Are the editors even plural?

      Well, in English, "zero" usually uses the plural form for nouns and verbs.

  5. Nice system by jones_supa · · Score: 1

    Quite professional Japanese video production setup they have in that link. *sips coffee*

    1. Re:Nice system by ArchieBunker · · Score: 1

      Near as I can tell it has something to do with 8K video. Glad to see the new owners keeping up the tradition of not checking any submissions for spelling/grammar/content/errors.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Nice system by gstoddart · · Score: 2

      LOL, I let Chrome translate it for me, and I got this:

      From the date of the ultra-popular program "Emi-ten" of Nippon TV.
      But Korakuen Hall of the day, it had been wrapped in from usual little different atmosphere.
      Mumu~tsu, number of cameras is 3 units often! It big also strangely in Takeshi bone!
      Profusely many people! It is not a even if field technician you look, it's bossy It's beautiful.

      Which tells me letting Chrome translate stuff from Japanese is a terrible idea.

      --
      Lost at C:>. Found at C.
    3. Re:Nice system by ArchieBunker · · Score: 1

      Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:Nice system by Gr8Apes · · Score: 5, Insightful

      Because they haven't progressed to contextual translation yet, which includes phrases and grammar structure translation. Any multi-lingual person will be able to tell you that they do not translate word for word, they need the full phrase or more to go from language a to b, especially if those languages have varying grammatical structures and rules governing things like adverb and adjective placement. Also note that phrases like "top of the morning to you" should be translated to an appropriate (morning) greeting and not some nonsensical word for word replacement scheme.

      --
      The cesspool just got a check and balance.
    5. Re:Nice system by EmeraldBot · · Score: 1

      Asian languages never translate well. For some reason Russian translation works great. With current technology why is machine translation so poor? You can't tell me with services like Siri and Cortana that we can't have better translations.

      Because asian languages don't map well to English to begin with. Japanese at least uses far fewer words with very many potential meanings, and it's great for humans since we know the context. But if I told you to turn "cloud go here strength west", you'd struggle quite a bit to not add extra detail the author never said and still make a fluid sentence. Magnify by that a hundred fold because a machine doesn't even have basic intuition, and I'm actually suprised by how it sort results in somewhst readahle sentences, sometimes.

      That being said, I'm surprised by the poor quality of German. English and German are even in the same family linguistically speaking... Germany's not a very sexy language, but still, I'd have figured it might be an easy lower hanging fruit. I guess maybe we are at the limits technologically speaking then, here's hoping in 10 years we're further along.

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    6. Re:Nice system by gstoddart · · Score: 2

      English and German are even in the same family linguistically speaking

      In some ways yes, but apparently in some ways no.

      Years ago a friend was taking German classes, and apparently it has subject/verb stuff which can be at the end of sentences.

      So one example of how it fell apart was a place in which the speaker went on for a long time, and the translator just stopped ... because without knowing what was at the end of the long-winded sentence it was impossible know what to say next. It was a lot of stuff which couldn't be translated into English until it was all done -- and it took a VERY long time for that speaker to be done.

      I got the impression that are still enough structural differences that it's more than a little challenging for skilled humans to do it.

      So, if translating in real time can be near impossible, then I assume it's still damned easy for static translations to get mired down into stuff it can't handle well.

      --
      Lost at C:>. Found at C.
    7. Re:Nice system by Anonymous Coward · · Score: 1

      That being said, I'm surprised by the poor quality of German. English and German are even in the same family linguistically speaking...

      They might be in the same language family, but that is because they have the same primary root language. In the case of English, there was the initial celtic language, similar to Welsh, that would have had some parts assimilated into the versions of Saxon & Angle that merged into the pre-Norman tongue. Then there were the Normans, speaking French, a derivative of Latin with some input from ancient Gaulish, another celtic language. They also influenced the development of English, both it's lexicon and probably its grammar. It will also have been influenced by Irish, Scottish Gaelic, Welsh, Cornish, and even Indian. Languages don't just change in isolation, they also change with human migration and intermingling of cultures.

    8. Re:Nice system by AmiMoJo · · Score: 1

      I posted that link in a story about the first 8k studio recordings of TV shows. I have no idea how it got into this story. I hope they still post my 8k story though, even if TFA is in Japanese.

      Yeah, machine translation sucks.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Backhole? by duke_cheetah2003 · · Score: 2

    Makes it sound like the device has an anus! I don't want that in my pocket!

  7. No way! by truck_soccer · · Score: 1

    An exploitable back hole?! Why don't we start sending probes into it and find out where it goes?

  8. ATTN: BIZX OVERLORDS by slashdice · · Score: 5, Funny

    I figure you guys have no idea what slashdot is about. Let me give you a brief history:

    2.5 million B.C.: OOG the Open Source Caveman develops the axe and releases it under the GPL. The axe quickly gains popularity as a means of crushing moderators' heads.

    100,000 B.C.: Man domesticates the AIBO.

    10,000 B.C.: Civilization begins when early farmers first learn to cultivate hot grits.

    3000 B.C.: Sumerians develop a primitive cuneiform perl script.

    2920 B.C.: A legendary flood sweeps Slashdot, filling up a Borland / Inprise story with hundreds of offtopic posts.

    1750 B.C.: Hammurabi, a Mesopotamian king, codifies the first EULA.

    490 B.C.: Greek city-states unite to defeat the Persians. ESR triumphantly proclaims that the Greeks "get it".

    399 B.C.: Socrates is convicted of impiety. Despite the efforts of freesocrates.com, he is forced to kill himself by drinking hemlock.

    336 B.C.: Fat-Time Charlie becomes King of Macedonia and conquers Persia.

    4 B.C.: Following the Star (as in hot young actress) of Bethelem, wise men travel from far away to troll for baby Jesus.

    A.D. 476: The Roman Empire BSODs.

    A.D. 610: The Glorious MEEPT!! founds Islam after receiving a revelation from God. Following his disappearance from Slashdot in 632, a succession dispute results in the emergence of two troll factions: the Pythonni and the Perliites.

    A.D. 800: Charlemagne conquers nearly all of Germany, only to be acquired by andover.net.

    A.D. 874: Linus the Red discovers Iceland.

    A.D. 1000: The epic of the Beowulf Cluster is written down. It is the first English epic poem.

    A.D. 1095: Pope Bruce II calls for a crusade against the Turks when it is revealed they are violating the GPL. Later investigation reveals that Pope Bruce II had not yet contacted the Turks before calling for the crusade.

    A.D. 1215: Bowing to pressure to open-source the British government, King John signs the Magna Carta, limiting the British monarchy's power. ESR triumphantly proclaims that the British monarchy "gets it".

    A.D. 1348: The ILOVEYOU virus kills over half the population of Europe. (The other half was not using Outlook.)

    A.D. 1420: Johann Gutenberg invents the printing press. He is immediately sued by monks claiming that the technology will promote the copying of hand-transcribed books, thus violating the church's intellectual property.

    A.D. 1429: Natalie Portman of Arc gathers an army of Slashdot trolls to do battle with the moderators. She is eventually tried as a heretic and stoned (as in petrified).

    A.D. 1478: The Catholic Church partners with doubleclick.net to launch the Spanish Inquisition.

    A.D. 1492: Christopher Columbus arrives in what he believes to be "India", but which RMS informs him is actually "GNU/India".

    A.D. 1508-12: Michaelengelo attempts to paint the Sistine Chapel ceiling with ASCII art, only to have his plan thwarted by the "Lameness Filter."

    A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).

    A.D. 1553: "Bloody" Mary ascends the throne of England and begins an infamous crusade against Protestants. ESR eats his words.

    A.D. 1588: The "IF I EVER MEET YOU, I WILL KICK YOUR ASS" guy meets the Spanish Armada.

    A.D. 1603: Tokugawa Ieyasu unites the feuding pancake-eating ninjas of Japan.

    A.D. 1611: Mattel adds Galileo Galilei to its CyberPatrol block list for proposing that the Earth revolves around the sun.

    A.D. 1688: In the so-called "Glorious Revolution", King James II is bloodlessly forced out of power and flees to France. ESR again triumphantly proclaims that the British monarchy "gets it".

    A.D. 1692: Anti-GIF hysteria in the New World comes to a head in the infamous "Salem GIF Trials", in which 20 alleged GIFs are burned at the stake. Later investigation reveals that mayn of the supposed GIFs were actually PNGs.

    A.D. 1769: James Watt pate

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
    1. Re:ATTN: BIZX OVERLORDS by DeathSquid · · Score: 1

      When will people learn their history correctly? Armstrong's actual words were "FRIST MOONWALK!!!".

  9. What kind of parents..... by wkwilley2 · · Score: 2, Funny

    Justin Case, we should patch it anyway.

    --
    Have you ever fallen asleep at the keybhanusdiog?
  10. To get to the gist of it by jones_supa · · Score: 2

    What devices are affected?

    Is this something actually dangerous, or something that only a security researcher can exploit in theoretical conditions?

    1. Re:To get to the gist of it by jones_supa · · Score: 1

      Yeah, but couldn't an userspace app also use it to gain root access and do weird shit?

  11. Justin Case? by BronsCon · · Score: 2

    Really? Justin Case? If that's not a clearly fake name, I don't know what is. And a link to a completely unrelated non-english article? Whoever the hell submitted this spam should never be allowed to submit again and whoever posted it should be fired.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    1. Re:Justin Case? by BronsCon · · Score: 1

      Here's a hint, while you're getting all defensive: The article linked has nothing to do with any backdoor in anything. If you'd given it a quick click you'd have seen that and not bothered replying.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  12. Re:This is why TRUMP in 2016 makes sense! by Anonymous Coward · · Score: 1

    Fascism never makes sense. If just seems like a good idea to unskilled members of the majority culture and race who feel entitled to a free ride at the expense of others. If something only appeals to disgruntled losers, who could not learn and keep up with civilization, it does not make sense.

  13. It's an alias by Andy+Dodd · · Score: 1

    I know the guy. Justin Case is NOT his real name. (I don't know what it is, I remember seeing him acknowledged by his real name once but I forget what it is, but I do know that it's not his real name - but many people think it is.)

    --
    retrorocket.o not found, launch anyway?
    1. Re:It's an alias by wkwilley2 · · Score: 1

      That's believable.

      I actually know a family, last name Case. (unrelated)

      And the mother of this family sometimes jokingly states that she almost named her son Justin.

      --
      Have you ever fallen asleep at the keybhanusdiog?
  14. Re:backhole-blackhole by Tablizer · · Score: 1

    Being Monday, I made the same reading mistake at first, thinking, "Wow, hackers got some powerful tools. Darth Vader would be proud."

    --
    Table-ized A.I.
  15. Justin Case? by Locke2005 · · Score: 1

    Please tell me "Justin Case" is a pseudonym and not someone's real name!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  16. Backhole or Backhoe? by Idarubicin · · Score: 1

    I have to admit that when I first read the headline, my mind processed it as

    Exploitable Backhoe Accidentally...

    I figured that some nitwit had decided that large construction machinery needed to be part of the Internet of Things, and that the expected outcome had come to pass.

    --
    ~Idarubicin
    1. Re:Backhole or Backhoe? by KGIII · · Score: 1

      I actually had to read it twice. I was really confused.

      --
      "So long and thanks for all the fish."