Fix for Security Hole in Android G1
In one fell swoop and with an automatically distributed patch, Google and T-Mobile fixed a problem with the G1 mobile phone whereby users could access root privileges and possibly raise all kinds of havoc.
In its originally delivered state, the G1 interpreted keyboard input as a remote shell request. This could be pretty annoying if you happen to type in "reboot" with applications running.
T-Mobile has since plugged the security hole with firmware update RC30, hoping thereby to raise the bar for any future hacks. The problem was discovered in early November, but got special notice after an experience by user jdhorvat. While talking on the G1 with his girlfriend, he restarted it.
When she asked why he wasn't responding, he IM'd her with the natural response "Reboot." He was surprised to see the device do just that.
Source of the security hole was boiled down to two lines of code in the init.rc file, according to the bug report. The file is a script that drives the boot process. A number of websites declared the problem one of the most embarrassing in recent history.
The G1 is manufactured by HTC and based on Google's Android platform, which is itself a knockoff of Linux and other Open Source components. Since its introduction, the G1 proved to be a favorite sport for hackers, who even managed to install and start Debian Lenny on it. The device is available in the U.S., but when other parts of the world start seeing it early 2009, all security holes will likely be plugged.
Issue 268/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
LibreOffice 7.5 has Arrived and is Loaded with New Features and Improvements
The favorite office suite of the Linux community has a new release that includes some visual refreshing and new features across all modules.
-
The Next Major Release of Elementary OS Has Arrived
It's been over a year since the developers of elementary OS released version 6.1 (Jólnir) but they've finally made their latest release (Horus) available with a renewed focus on the user.
-
KDE Plasma 5.27 Beta Is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.