[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Applications can open up remote root access on G1 Phone

I wrote:
> Google Android applications on the T-Mobile G1 can spawn a telnetd
> that gives remote root access to your phone:
> http://www.android-unleashed.com/2008/11/howto-get-root-on-your-android-g1-and.html
> This particular method needs user interaction, but a rogue Android app
> could easily run telnetd automatically.  Android apps are not normally
> granted this sort of permission, and granting root is not supposed to
> even be possible.


I was mistaken.  Turns out that init spawns a root shell on
/dev/console -- so everything you type automatically gets executed, as
root, as a command.  This is just a bug and requires the user to
physically type at the keyboard.  I don't think it could be exploited
automatically by an application.