Worst security blooper ever?

. . . keeping an eye on the penguin

Keywords: Match:

Nov. 11, 2008

T-Mobile has issued an over-the-air fix for a laughable Android security bug that caused anything typed into its G1 phone to be interpreted by a root shell process. Prior to the fix, hackers briefly enjoyed root shell access, leading to such fun as Debian SD-card installations.

The Android bug has to rate as one of the great software bloopers of all time. Whether snuck into the code by a Google employee bent on mischief, or simply a vestige of Google's debug process, the bug was apparently caused by these lines in the G1's init.rc:


## Daemon processes to be run by init.
##
service console /system/bin/sh
    console

T-Mobile quickly patched the gaping hole, but not before widespread shenanigans ensued. One report on Google's Android Bug listing describes a user text messaging advice to his girlfriend comprised of the single word "reboot," only to find his phone rebooting. Surprise!

Subsequently, the bug report was apparently marked as a security issue, in order to make it inaccessible to the public. However, Pandora had already left the building, possibly with Elvis in tow, thanks to a post to the XDA-Developers forum. This, in turn, led to at least one enterprising user posting a howto on gaining a root shell. Next, another G1 owner thoughtfully documented the process of installing Debian on a 16GB SD card, and booting the G1 into it.

Ah, but you can only have so much of a good thing. T-Mobile bottled up the fun with an "RC30" OTA (over-the-air) firmware fix that closed down the laughable loophole.

Although the HTC G1 is open to Java development, using freely downloadable tools released under an Apache 2.0 license, G1 owners do not get root access permissions to their actual G1 devices.

At least, not anymore.

-- Henry Kingman

Do you have comments on this story?

Talkback here
NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!

Related Stories:

(Click here for further information)

7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.

4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.

Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.

Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.

Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.

Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.

Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.

Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.

Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.

Got a HOT tip? please tell us!

ADVERTISEMENT
(Advertise here)

Latest Linux-Watch Posts

• Opinion: Absolutism hurting Debian
• Linux patent program finances "defensive publications"
• Linux Foundation announces TAB electees
• Mistah SCO -- he dead
• Worst security blooper ever?
• Novell offers RHEL, CentOS support
• Windows 7 no threat to netbook Linux
• Microsoft breaks HotMail for Linux users?
• Torvalds: Real quality means taking it personally
• Opinion: open source value transcends tough times
More Linux-Watch posts

DesktopLinux headlines:
• A peek at Phoenix HyperSpace
• Linux desktop gains kid-friendly browser
• OpenSUSE Community Manager discusses 11.1 release
• "...and I'm Linux" video contest approaches
• OpenSUSE rev's license, build system
• Linux gains fresh "AIR"
• Video-call software boasts HD quality
• Sun rev's "open source" desktop VM manager
• Open source music player rev's up
• Fedora 10 dubbed a "solid" chapeau
More DesktopLinux news

LinuxDevices headlines:
• "3G" HP netbook boasts Atom, ExpressCard expansion
• Mini-notebook chips suitable for Linux devices?
• Single-drive NAS runs ARM Linux
• Linux fast-boot add-on reviewed
• Linux NAS/iSCSI server adopts Atom
• Superscalar ARM SoC runs Linux
• "Zubuntu" keeps Zaurus spirit alive
• i.MX515 targets Linux netbooks
• Palm "Nova" Linux set for CES debut?
• German Linux integrator launches workshops
More LinuxDevices news

Dev Shed

Powered By Dev Shed

Linux conquers smartphones!

...read all about 'em

Visit the...

news feed

Home \| News \| Forum \| About \| Contact

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| Channel News
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep
Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.

Home \| News \| Forum \| About \| Contact

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| Channel News
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep
Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.