On CNET: Voting from Space and other news
BNET Business Network:
BNET
TechRepublic
ZDNet

November 7th, 2008

Worst. Bug. Ever.

Posted by Ed Burnette @ 12:04 pm

Categories: General, Programming, Android

Tags: Phone, Keyboards, Telecom & Utilities, Hardware, Peripherals, Ed Burnette

It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!

In the bug report (issue 1207) jdhorvat writes:

Funny story behind finding this:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” - which, to my surprise, rebooted my phone.

When I first read this I didn’t believe it. Then I read it again, and again, and finally tried it for myself. It’s true. Don’t believe me? Save anything you’re working on (this will reboot your phone!), open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: <return>-r-e-b-o-o-t-<return>. Poof, your phone will reboot. This only works on a real phone, not in the emulator, and only with firmware version 1.0 TC4-RC29 and earlier.

From the home screen select Menu > Settings > About phone, and look for the Build number (near the bottom). If you see this:

kila-user 1.0 TC4-RC29 115247 ota-rel-keys,release-keys

then you’re vulnerable. If you see anything later than RC29 then you already have the fix.

Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging. Thankfully the fix is trivial; you can probably even make it yourself if you’re so inclined (just comment out the offending lines described in the reports above and reboot).

Here’s a workaround I just discovered: Open the keyboard and type these 5 keystrokes: <return>-c-a-t-<return>. That will cause the phantom shell to not listen to commands any more, at least until the next reboot.

A patch from Google should be on its way soon. Meanwhile, be careful what you type.

Ed Burnette has programmed everything from device drivers and compilers to video games and multi-user servers. He is currently writing enterprise software in a variety of languages including C, Ruby, Python, and Java. For disclosure of Ed's industry affiliations, click here.

  • Talkback
  • Most Recent of 26 Talkback(s)
If its from MS its a bug. Nice try though but you're foolling no one. NT
NT. (Read the rest)
Posted by: transposeIT Posted on: 11/09/08 You are currently: Logged In | Log out
sounds like.... ridingthewind   | 11/07/08
LMAO... nt T1Oracle   | 11/07/08
I had to look this one up Ed Burnette  ZDNet | 11/07/08
good story anyway ridingthewind   | 11/07/08
Confirmed. andrew.nusca  ZDNet | 11/07/08
Android is a java framework it doesn't have an init.rc stevey_d   | 11/07/08
Android IS NOT a java framework. aphistic   | 11/07/08
Its ALL Android storm14k   | 11/08/08
my bad. *NEW* stevey_d   | 11/09/08
RE: Worst. Bug. Ever. jasonwheeler   | 11/07/08
Please do... storm14k   | 11/08/08
rm -rf /* rkrenzis   | 11/08/08
Do *not* type "rm -rf /*" gmatht   | 11/08/08
Already reported. Just stupid. *NEW* TripleII   | 11/09/08
G1 is linux based qmlscycrajg   | 11/08/08
Are you sure about that? rkrenzis   | 11/08/08
Oh really? Then why do the paypal servers run linux? g2g591   | 11/08/08
Wow... just wow... zagman76@...   | 11/08/08
this isn't about the linux kernel *NEW* stevey_d   | 11/09/08
RE: Worst. Bug. Ever. Bert0   | 11/08/08
RE: Worst. Bug. Ever. james_p   | 11/08/08
cat bjepson   | 11/08/08
Do *not* type "rm -rf /*" gmatht   | 11/08/08
It is the worst oversight, to be sure, but not a bug. *NEW* TripleII   | 11/09/08
If its from MS its a bug. Nice try though but you're foolling no one. NT *NEW* transposeIT   | 11/09/08
Is SED installed? *NEW* TripleII   | 11/09/08

What do you think?

No Trackbacks Yet

The URI to TrackBack this entry is:
http://blogs.zdnet.com/Burnette/wp-trackback.php?p=680

advertisement

Recent Entries

Recommended

Archives

ZDNet Blogs

Fusion

advertisement
Click Here