LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Relicensing and rebasing LibreOffice

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

More fun with Android

[Posted November 8, 2008 by corbet]

If you read this bug entry, you'll see that getting root access on an Android-based phone is rather easier than originally thought. It seems that the phone simply boots with a root shell listening to the keyboard, regardless of any other applications running. Be careful what you type... (a bit more information can be found on this page).
(Log in to post comments)

More fun with Android

Posted Nov 8, 2008 21:53 UTC (Sat) by mikachu (guest, #5333) [Link]

I wonder how many android phones were running at half speed after someone replied "yes" to someone...

More fun with Android

Posted Nov 9, 2008 5:09 UTC (Sun) by ajross (subscriber, #4563) [Link]

It's not a posix environment, so no /bin/yes, etc...

Actually this bug (already fixed via an over the air update, sadly) was a huge boon to free software folks, as it allowed root access on the device. Given that it was exploitable only via the phone keyboard, it hardly ranks as a security flaw at all.

More fun with Android

Posted Nov 9, 2008 19:16 UTC (Sun) by tajyrink (subscriber, #2750) [Link]

Luckily we have Neo FreeRunners :) Btw, accelerometer-controlled Doom rocks (http://unsyncopated.com/BrainSolvent/Doom%20Port)

More fun with Android

Posted Nov 14, 2008 8:38 UTC (Fri) by massimiliano (subscriber, #3048) [Link]

Luckily we have Neo FreeRunners :)

Yes, but what for those who want/need a 3G phone?
Not to belittle the OpenMoko project, which looks fantastic... but 3G is important to somebody.

More fun with Android

Posted Nov 10, 2008 7:27 UTC (Mon) by elanthis (guest, #6227) [Link]

It VERY much ranks as a security flaw. It would allow you to trick users into doing things that the user wouldn't expect. It's bad enough when a user might fall for a site that gives instructions to open a shell, login as root, and run some malicious code. It's much worse when a site can trick a user into typing something into an app that is supposed to be 100% safe and yet still get malicious code to run.

It's not of the same class as an open remote exploit, no. But it's still a severe problem. No computing device should do unexpected things, especially not with root privileges.

Using Debian Lenny with Android

Posted Nov 9, 2008 22:56 UTC (Sun) by szh (guest, #23558) [Link]

http://www.saurik.com/id/10

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds