Worst. Bug. Ever.
Summary: It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell.
It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!
In the bug report (issue 1207) jdhorvat writes:
Funny story behind finding this:
I was in the middle of a text conversation with my girl when she asked why I hadn't responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated "Reboot" - which, to my surprise, rebooted my phone.
When I first read this I didn't believe it. Then I read it again, and again, and finally tried it for myself. It's true. Don't believe me? Save anything you're working on (this will reboot your phone!), open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: <return>-r-e-b-o-o-t-<return>. Poof, your phone will reboot. This only works on a real phone, not in the emulator, and only with firmware version 1.0 TC4-RC29 and earlier.
From the home screen select Menu > Settings > About phone, and look for the Build number (near the bottom). If you see this:
kila-user 1.0 TC4-RC29 115247 ota-rel-keys,release-keys (US)
kila_uk-user 1.0 TC5-RC7 112931 (UK)
then you're vulnerable. If you see anything later than RC29 in the US or RC7 in the UK then you already have the fix.
Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging. Thankfully the fix is trivial; you can probably even make it yourself if you're so inclined (just comment out the offending lines described in the reports above and reboot).
Here's a workaround I just discovered: Open the keyboard and type these 5 keystrokes: <return>-c-a-t-<return>. That will cause the phantom shell to not listen to commands any more, at least until the next reboot.
A patch from Google should be on its way soon. Meanwhile, be careful what you type.
Updated 10Nov2008: The patch installed itself on my G1 this weekend. I can verify that the bug has been fixed, so it's safe to type "rm -r" in your instant messages again.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
sounds like....
LMAO... nt
I had to look this one up
"Origin of urban legend
Thanks for checking on the speech recognition
story. Although grounded in fact,
I?m afraid that tale has grown into something
of an urban legend. (I seem to recall that
Steve Bass of Pasadena had a lot to do with
enhancing and recirculating it.)
The straight scoop is a bit less
amusing, but was hilarious enough at
the time.
Several years back, one of the
speakers at a meeting of the
Sacramento PC Users Group was
demonstrating speech-recognition
software. Just as the live portion of
the demo was starting, a past-
President named Rick Hellewell
shouted out from the audience,
?Format C colon.? Nothing actually
happened, but the comment brought
down the house.
This has since become a running
joke, which someone feels obligated
to repeat (with ever-decreasing
hilarity) whenever a vendor demonstrates
a speech-recognition product,
most recently at our July meeting.
Thank you for giving me the opportunity
to set the record straight.
---Larry Clark, President
Sacramento PC Users Group"
I also found a reference to it here from 1993:
http://www.sacpcug.org/archives/20year/timeline-b.html
good story anyway
Steve Jobs at Oracle World ('98?)
No one could hear anyone for about a minute, from the laughter.
Confirmed.
Android is a java framework it doesn't have an init.rc
To classify it as an Android bug is a bit wide of the mark.
This is like saying that a Windows PC that boots a trojan on a CD has a vulnerability in Windows. Not so. The problem is in the CMOS settings allowing booting from CD.
Note: there are many phones in progress that will run Android. They could even run Windows CE or Symbian under the java framework. Therefore to classify this as an "Android" problem is just plain wrong.
Android IS NOT a java framework.
Saying Android is just a java framework is like saying the iPhone OS is just an Obj-C framework or Windows Mobile is just a .Net framework.
I do agree with you that it's a problem with HTC's implementation of the underlying Linux-based OS on the phone but that's also part of what's known as Android.
I just had to respond before people reading this article and the comments were lead in the wrong direction by your comment.
I'd recommend taking a look at: http://code.google.com/android/what-is-android.html
Its ALL Android
Also I can't seem to get this to work even thought I have RC29.
my bad.
In fact, I'm pretty certain you could throw away the Linux kernel, and shim the rest of it onto something else, (WINE-like).
From memory, the Apache2 licence would allow you to do that, although you might have to call it something else, like iRobot.
I can't really see why anyone would bother now, though, as the iPhone style interface is available through versions of WindowsCE, Blackberry, G1 etc.
Bottom line though is that Ed id right, worst bug ever.
IOW...
RE: Worst. Bug. Ever.
Jess
www.anolite.echoz.com
Please do...
Message has been deleted.
Do *not* type "rm -rf /*"
The command "rm -rf /*" is the classic example of something you basically never want to run on a UNIX system. However I expect that there are many android users who are not old UNIX hand and have never come across this wisdom.
Already reported. Just stupid.
TripleII
G1 is linux based
Are you sure about that?
Oh really? Then why do the paypal servers run linux?
Wow... just wow...