
As the article says: Worst. Bug. Ever.

Short version: on Android phones with firmware version 1.0 TC4-RC29 or earlier, there's a root shell using the console as stdin, so all input on the physical keyboard on the phone is being interpreted by that shell (regardless of what application is being displayed, and regardless of whether it is responding to those keyboard presses itself).


In other words: you type 'reboot' on any bundled Android application, the phone reboots. Type 'telnetd', and you get a telnet daemon up and running as root.

Yes, I can't quite wrap my mind around it either.

If this is true (jwz post here, cf. the link referenced there), this has to be one of the most embarrassing security bugs in the history of IT.

There's only one possible label for this: EPIC FAIL.
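
A defender-side check for the condition described above, a root-owned shell whose stdin is a console device, written as an added example (not code from the original post or from Android). The shell names, the console device prefixes and the `proc_root` parameter are assumptions chosen for illustration; it reads a Linux-style `/proc` tree, live or copied off a device.

```python
import os

SHELLS = {"sh", "ash", "bash", "mksh"}            # assumed shell binary names
CONSOLE_PREFIXES = ("/dev/console", "/dev/tty")   # assumed console-like devices


def _real_uid(status_path):
    """Return the real UID from a /proc/<pid>/status file, or None."""
    try:
        with open(status_path) as fh:
            for line in fh:
                if line.startswith("Uid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None


def _link(path):
    """Read a symlink target; None if unreadable or the process exited."""
    try:
        return os.readlink(path)
    except OSError:
        return None


def root_console_shells(proc_root="/proc"):
    """List (pid, exe, stdin) for root shells reading from a console device."""
    hits = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue                      # skip non-process entries
        base = os.path.join(proc_root, entry)
        if _real_uid(os.path.join(base, "status")) != 0:
            continue                      # only root-owned processes matter
        exe = _link(os.path.join(base, "exe"))
        stdin = _link(os.path.join(base, "fd", "0"))
        if exe is None or stdin is None:
            continue
        if os.path.basename(exe) in SHELLS and stdin.startswith(CONSOLE_PREFIXES):
            hits.append((int(entry), exe, stdin))
    return hits


if __name__ == "__main__":
    for pid, exe, stdin in root_console_shells():
        print(f"root shell pid={pid} exe={exe} stdin={stdin}")
```

Reading `/proc/<pid>/exe` and `/proc/<pid>/fd/0` for other users' processes requires root, so run it with sufficient privilege or against a snapshot.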
