BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
Benchmarks
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test
Benchmarks

People
Competitions
Post Room
FAQ

You are here: ZDNet.co.uk > News > Communications

Mobile devices Toolkit

Google fixes Android root-access flaw

Tags:
Command,
Flaw,
Fix,
Command Line

David Meyer ZDNet.co.uk

Published: 10 Nov 2008 17:35 GMT

A bug has been found in Google's Android mobile platform that allows command-line instructions to be automatically run with root privileges.

The bug was revealed late last week, and Google told ZDNet UK on Monday that it had already developed a fix. The operator T-Mobile has, however, not yet said when it will be pushing the update out to users of its G1 handset — the first and, thus far, only handset to use the Android software stack.

"We've been notified of this issue and have developed a fix," Google's spokesperson said. "We are currently working with our partners to push the fix out and are updating the source code base to reflect these changes."

The flaw means any recognisable command line can be run from applications in Android phones that are not using the latest firmware. It also effectively means Android has been reading and automatically interpreting and acting upon inputted text. For example, a commentator on the bug thread on Android's forums noted that a text conversation unexpectedly led to their phone being rebooted.

"I was in the middle of a text conversation with my girl when she asked why I hadn't responded," wrote 'jdhorvat'. "I had just rebooted my phone and the first thing I typed was a response to her text which simply stated 'Reboot' — which, to my surprise, rebooted my phone."

Google's spokesperson told ZDNet UK that the issue had come to light as the company was working on a fix to stop users 'jailbreaking' (making it possible to use another operator's SIM card on) their T-Mobile G1 handsets. The spokesperson added that Google had not received any reports of the issue being exploited.

According to the forum thread, the issue is only to be found in firmware versions prior to the current version, RC30.

This latest flaw follows another highly publicised vulnerability in the Android browser that could have made it possible for users to be tricked into visiting malware-laden websites. Google has since patched that flaw as well.

Photos: A rough guide to mobile open source
Analysis: Android may spread beyond phones
Roundup: First Google Android phone unveiled
T-Mobile G1 (HTC Dream): A first look
Analysis: First Android phone enters the smartphone fray
Photos: T-Mobile G1 (HTC Dream)
How Android stands out in the smartphone space
Android in action on T-Mobile's G1
Google releases final Android SDK
T-Mobile G1 (HTC Dream) review
Google shares Android source code
Coders to profit as Android Market opens

Did you find this article useful?
7 out of 10 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

More in this Special Report

Photos: A rough guide to mobile open source

Android is not the only open platform. Here's a quick guide to the mobile, open-source landscape more

Analysis: Android may spread beyond phones

One influential partner backing the open-source operating system has said the software will start to show up in consumer electronics and cars, too more

Photos: A taste of Android 'Cupcake' from the Magic phone

ZDNet UK has been given a sneak preview of Vodafone's exclusive HTC Magic handset, the first to use the updated 'Cupcake' version of the Android mobile platform more

Samsung Android phone due in June

O2 Germany has confirmed it will carry Samsung's i7500, which is likely to be the first non-HTC Android phone to be released in Europe more

Analysis: First Android phone enters the smartphone fray

The first Google Android phone sports a raft of mobile web features, but how will it stack up against the rest of the crowded smartphone market? more

Photos: T-Mobile G1 (HTC Dream)

Take a tour of the first Google Android smartphone more

How Android stands out in the smartphone space

ZDNet.com's Sumi Das and Sam Diaz discuss whether Google's Android is an iPhone killer and how the technology may eventually reach beyond phones and land inside other products more

Android in action on T-Mobile's G1

At the launch of the G1, a representative of the mobile operator demonstrated how the phone and Android operating system work more

Roundup: First Google Android phone unveiled

Unveiling the first handset to use the Android platform, Google hopes to provide a viable alternative to the current crop of largely proprietary mobile platforms more

T-Mobile G1 (HTC Dream) review

The design isn't great and we'd have liked some additional features, but the real beauty of the T-Mobile G1 is the Google Android platform, as it has the potential to make smartphones more personal and powerful more

Google shares Android source code

The search giant has begun to share the project's underlying source code on the Android Open Source Project site more

Coders to profit as Android Market opens

With T-Mobile's G1 phone now on sale in the US, Google has opened the Android Market app store, with developers set to receive 70 percent of revenue more