Worst-ever software security blooper?  

Posted by Daniela Mehler

T-Mobile has issued an over-the-air fix for a laughable Android security bug that caused anything typed into its G1 phone to be interpreted by a root shell process. Prior to the fix, hackers briefly enjoyed root shell access, leading to such fun as Debian installations on SD cards.

The Android bug has to rate as one of the great software bloopers of all time. Whether snuck into the code by a Google employee bent on mischief, or simply a vestige of Google's debug process, the bug was apparently caused by these lines in the G1's init.rc:


    ## Daemon processes to be run by init.
    ##
    service console /system/bin/sh
        console
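
A defender-side check for the init.rc pattern quoted above, as an added example that is not part of the original article or of Android's own code: it parses service blocks and reports any service that starts a shell with the console option while running as root. It assumes init runs a service as root when no user option is given; the shell-name list, the function names and the hardened sample are constructed for illustration.

```python
# Assumption: basenames treated as interactive shells.
SHELLS = {"sh", "bash", "ash", "mksh"}

def parse_services(text):
    """Parse `service <name> <path> [args]` sections and their option lines."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        words = line.split()
        if words[0] == "service" and len(words) >= 3:
            current = {"name": words[1], "argv": words[2:], "options": {}}
            services.append(current)
        elif words[0] in ("on", "import"):        # a different section begins
            current = None
        elif current is not None:                 # option of the open service
            current["options"][words[0]] = words[1:]
    return services

def root_shell_services(text):
    """Return (name, path, disabled) for shells on the console running as root."""
    findings = []
    for svc in parse_services(text):
        opts = svc["options"]
        exe = svc["argv"][0].rsplit("/", 1)[-1]
        # Assumption: no `user` option means the service runs as root.
        user = (opts.get("user") or ["root"])[0]
        if exe in SHELLS and "console" in opts and user == "root":
            findings.append((svc["name"], svc["argv"][0], "disabled" in opts))
    return findings

# The lines quoted in the article.
SAMPLE_VULN = """\
## Daemon processes to be run by init.
##
service console /system/bin/sh
console
"""

# Constructed sample: same service, not auto-started and not running as root.
SAMPLE_HARDENED = """\
service console /system/bin/sh
    console
    disabled
    user shell
"""

if __name__ == "__main__":
    for label, rc in (("quoted", SAMPLE_VULN), ("hardened", SAMPLE_HARDENED)):
        print(label, root_shell_services(rc))
```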


T-Mobile quickly patched the gaping hole, but not before widespread shenanigans ensued. One report on Google's Android Bug listing describes a user text messaging advice to his girlfriend consisting of the single word "reboot," only to find his phone rebooting. Surprise!

Subsequently, the bug report was apparently marked as a security issue, in order to make it inaccessible to the public. However, Pandora had already left the building, possibly with Elvis in tow, thanks to a post to the XDA-Developers forum. This, in turn, led to at least one enterprising user posting a how-to on gaining a root shell. Next, another G1 owner thoughtfully documented the process of installing Debian on a 16GB SD card, and booting the G1 into it.

Ah, but you can only have so much of a good thing. T-Mobile bottled up the fun with an "RC30" OTA (over-the-air) firmware fix that closed down the laughable loophole.

Although the HTC G1 is open to Java development, using freely downloadable tools released under an Apache 2.0 license, G1 owners do not get root access permissions to their actual G1 devices.

At least, not anymore.


This entry was posted on 10:39 PM.