Android Executes Everything You Type


This is one of the more bizarre bugs we’ve ever heard. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]

11 thoughts on “Android Executes Everything You Type

  1. How did _that_ one get by the dev team? Just think of the power you have… to accidentally screw things up. Maybe it was a debug feature that was supposed to be closed up and wasn’t.

  2. The SUID problem on telnet is then presumably not a SUID problem. User account types it, telnetd fails to create the port. However, the background root service starts it. For further fun of this type, merely enter “rm -rf /” as the user and wait for the phone to turn off by itself!

  3. This reminds me of an early issue with Dow Jones News Retrieval Quotes during the dial-up dials. I don’t recall which company had the ticker symbol “DISC” back then, but if you had it in your portfolio and requeted the quote, their service hung up. It was understood as DISConnect.

  4. Reminds me of a friend from college who had to use a pseudonym to shop at Service Merchandise (they had a terminal entry supply system that shoppers could use). His last name was “Cancel”. Seriously. His orders would get canceled (no surprise) when submitted.

  5. Reminds me of this:

    School: Did you really name your son Robert’); Drop Table Students;–?
    Mom: Oh. Yes. Little Bobby Tables we call him
    School: Well, we’ve lost this year’s student records. I hope you’re happy.
    Mom: and I hope you’ve learned to sanitize your database inputs.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.