Android executes everything you type

g1

This is one of the more bizarre bugs we’ve ever heard. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]

Comments

  1. therian says:

    this is not a but, it is a feature :)

  2. TheBlunderbuss says:

    It’s not a bug either!

  3. PocketBrain says:

    How did _that_ one get by the dev team? Just think of the power you have… to accidentally screw things up. Maybe it was a debug feature that was supposed to be closed up and wasn’t.

  4. Sean says:

    wow… how could that be missed? that is certainly one enormous design flaw.

  5. herbicide says:

    That’s a definite oops.

  6. macegr says:

    I’m having difficulty figuring out how this could have been set up accidentally. It must have been used to run some commands in the early tests before the user interface was completely finished.

  7. jaduncan says:

    The SUID problem on telnet is then presumably not a SUID problem. User account types it, telnetd fails to create the port. However, the background root service starts it. For further fun of this type, merely enter “rm -rf /” as the user and wait for the phone to turn off by itself!

  8. Anne H says:

    This reminds me of an early issue with Dow Jones News Retrieval Quotes during the dial-up dials. I don’t recall which company had the ticker symbol “DISC” back then, but if you had it in your portfolio and requeted the quote, their service hung up. It was understood as DISConnect.

  9. PocketBrain says:

    Reminds me of a friend from college who had to use a pseudonym to shop at Service Merchandise (they had a terminal entry supply system that shoppers could use). His last name was “Cancel”. Seriously. His orders would get canceled (no surprise) when submitted.

  10. mrlipring says:

    Reminds me of this:

    School: Did you really name your son Robert’); Drop Table Students;–?
    Mom: Oh. Yes. Little Bobby Tables we call him
    School: Well, we’ve lost this year’s student records. I hope you’re happy.
    Mom: and I hope you’ve learned to sanitize your database inputs.

  11. cde says:

    @mrlipring
    Credit where credit is due -_-

    http://xkcd.com/327/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,423 other followers