G1 cellular phone security bug

This week a security hole was discovered in Linux-based G1 cellular phone Android 1.0 that allowed you to gain root access to the device.

The trick was that you have to start up a telnetd server on the phone, and then anyone who knows your IP address can log into the machine without a password to an administrator account.

When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges.

News source: zdnet.com

Report a problem with article
Previous Story

Toshiba release gaming laptop with 3 GPUs

Next Story

Microsoft working on App-store like software distribution

1 Comments - Add comment