« Protecting a Web Application Against Attacks Through HTML Shared Files | Main | WoW users targetted in mass site hack »

Google Android Phone passes typed content into rootshell!

"With the news that Google's Android shipped with an embarrassing security hole being followed by a simple two-step method to 'jailbreak' the OS, you'd think that the company had ironed out most of the remaining bugs – but you'd be wrong.

According to ZDnet's Ed Burnette, the open-source Linux-based smartphone platform recently shipped in T-Mobile's G1 handset contains a real doozy of a back door: it would appear that absolutely anything you write, at absolutely any time, will be evaluated as a system command.

The bug, which affects handsets running Android 1.0 TC5-RC29 or earlier, can be demonstrated in a simple way: in any text entry box – even on a webpage or in the address book – hit the 'enter' key and type 'reboot' followed by 'enter' again. If your handset is vulnerable, you'll see it suddenly decide to restart the OS."

This has to be one of the most bizarre bugs I've ever heard of. I can't imagine a legit business case for this, and I can't imagine this being a backdoor since most user entered data would error out. TheRegister also has a few amusing things to say.

Read more: http://www.bit-tech.net/news/2008/11/10/android-flaw-executes-typed-text/1

TheRegister: http://www.theregister.co.uk/2008/11/10/android_bug/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!