Android flaw executed typed text
The Android-based G1 has had an embarrassing string of security flaws since its release only a few weeks ago.
According to ZDnet's Ed Burnette, the open-source Linux-based smartphone platform recently shipped in T-Mobile's G1 handset contains a real doozy of a back door: it would appear that absolutely anything you write, at absolutely any time, will be evaluated as a system command.
The bug, which affects handsets running Android 1.0 TC5-RC29 or earlier, can be demonstrated in a simple way: in any text entry box – even on a webpage or in the address book – hit the 'enter' key and type 'reboot' followed by 'enter' again. If your handset is vulnerable, you'll see it suddenly decide to restart the OS.
The flaw is even more of an embarrassment when you learn that commands executed in this way run as the 'root' user, with complete system access. If you happen to be typing a document on how to hose a Linux system by typing in inadvisable commands, you can expect to learn about this one the hard way.
The plus side for G1 owners with handsets that mysteriously execute typed commands is that this makes the jailbreak we reported last week even easier to carry out: you can skip the 'install Pterminal' step and simply type 'telnetd' at any time to launch the root-level telnet daemon.
A Google coder has described the problem as being “already fixed and is going out in the RC30 build which will be pushed to users very soon.”
Is this the straw that broke the camel's back for security on the Android platform, or are little niggles like this to be expected on a 1.0 platform – even one from the giant that is Google? Share your thoughts over in the forums.
Previous Article
18 Comments
Discuss in the forums ReplyHope nobody had a friend called "rm -rf /"
http://xkcd.com/327/
no it wont, it will say directory not empty.
It will be fun to sit back and watch pundits start claiming this will somehow help the iPhone (it's won't). All it will do it inconvenience a few people until the OS is patched.
Sorry, no. Google Android is a device with great potential and more power to its elbow, but for all people's moaning about Apple, it shows what Apple does best: deliver a quite polished product, first time around. You get what you pay for. Google Android has some growing up to do.
This is all true. In fact, I would make the argument that the iPhone 1.0 OS is better than the current one (2.1). I should have mentioned I am an iPhone user and it is the single best mobile platform I have used - by far. This is mostly due to Apple's tight integration of hardware and software. Well, that and a OS that makes sense.
Still, competition is a good thing and Android could be a real winner. Will people put up with a troubled infancy? Time will tell.
The UK model has TC5-RC7 on is.. I cant find any info if its 23 releases behind or a seperate fork for the UK version.
=(
Imp
Because it doesn't come out of beta till it works properly :)
TheoGeo. At least Google has the balls to keep calling it beta untill it works. Microsoft does not.
what does that have to do with anything? are you saying that open software shouldn't have any bugs, or that open software should execute everything that is typed into it?