Android flaw executed typed text

November 10, 2008 | 13:24

Tags: #android #flaw #g1 #hack #jailbreak #rc29 #security

Companies: #google #t-mobile

With the news that Google's Android shipped with an embarrassing security hole being followed by a simple two-step method to 'jailbreak' the OS, you'd think that the company had ironed out most of the remaining bugs – but you'd be wrong.

According to ZDnet's Ed Burnette, the open-source Linux-based smartphone platform recently shipped in T-Mobile's G1 handset contains a real doozy of a back door: it would appear that absolutely anything you write, at absolutely any time, will be evaluated as a system command.

The bug, which affects handsets running Android 1.0 TC5-RC29 or earlier, can be demonstrated in a simple way: in any text entry box – even on a webpage or in the address book – hit the 'enter' key and type 'reboot' followed by 'enter' again. If your handset is vulnerable, you'll see it suddenly decide to restart the OS.

The flaw is even more of an embarrassment when you learn that commands executed in this way run as the 'root' user, with complete system access. If you happen to be typing a document on how to hose a Linux system by typing in inadvisable commands, you can expect to learn about this one the hard way.

The plus side for G1 owners with handsets that mysteriously execute typed commands is that this makes the jailbreak we reported last week even easier to carry out: you can skip the 'install Pterminal' step and simply type 'telnetd' at any time to launch the root-level telnet daemon.

A Google coder has described the problem as being “already fixed and is going out in the RC30 build which will be pushed to users very soon.

Is this the straw that broke the camel's back for security on the Android platform, or are little niggles like this to be expected on a 1.0 platform – even one from the giant that is Google? Share your thoughts over in the forums.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04