Czech kernel developer Pavel Machek wants to be root on his T-Mobile G1 Android Linux mobile phone so that he can exploit security holes simply to extend usability of the phone.
Machek registered his complaint about getting root privilege on his Android phone on the Bugtraq list and Android chat, but concluded that the G1 security system was not so much designed "to protect the owner from an evil attacker" as that it simply "prevents the owner from using his phone." He, for example, wanted to use his G1 to connect his notebook to the Internet.
Machek tried to exploit a dnotify hole fixed by Kernel 2.6.25.1, but found that dnotify was turned off in the G1 kernel. He then tried to use an inotify security hole on his Android-installed PC, but still could not practically root the phone.
Machek did find some problems with the Android OS, which runs on ARM processors, but is still looking for attack vulnerabilities. His mailing list posting describes some weak entry points related to the dynamic linker and a few integer and buffer overflows, but he invites feedback from others on Android security issues, preferably via private email.
Comments