Android bug executes typed text in command line

In another bit of embarrassing bug news, Wired reports that Google has encountered a problem with its Android mobile platform running on T-Mobile’s G1 smartphone. The issue? Oh, nothing too serious—some users just noticed the phone sent all text they entered to the hidden Linux command line and executed it with root privileges.

One user in particular noticed the bug in an innocuous exchange:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated "Reboot" – which, to my surprise, rebooted my phone.

According to Wired, the bug affected "almost all" G1 phones. A Google spokesperson told Wired yesterday, "We fixed the bug on Oct. 31 and are currently rolling out the fix to G1 devices. . . . This bug does affect users of G1 running RC29 and earlier." Users must manually click "update" on the phone to get the new-and-improved RC30 firmware, though, and T-Mobile may still be in the process of distributing the patch.

Comments closed
    • thebeastie
    • 12 years ago

    This is a disgrace, this has to be one of the dodgiest things I have ever read about misusing / poorly implementing Linux

    • rubik
    • 12 years ago

    Too bad this “new-and-improved” RC30 patch also (conveniently) locks out root access to the G1 (google search if you care)… so those of us who care about keeping the root access are electing to reject the RC30 OTA update and instead opt for a “custom” RC30 manual update… that doesn’t lock us out.

    • eitje
    • 12 years ago

    q[

      • Palek
      • 12 years ago

      I laughed.

    • MattMojo
    • 12 years ago

    Good game Google, good game! Hence the reason the only thing I use from Google is the search on google.com

      • indeego
      • 12 years ago

      Wait so you saw this coming!? How prescientg{

    • indeego
    • 12 years ago

    Yeah, maybe instead of waiting for the second generation of Android I’ll wait for the third insteadg{<.<}g

    • UberGerbil
    • 12 years ago

    You know, I can totally see how something like that gets enabled. (Especially since it’s just a couple of lines of code).

    I totally can’t see how it gets past QA.

    But hey, maybe that’s the “many eyes” philosophy applied to quality control. Not only are you a paying customer, you now work for Google (just without the salary or any of the great benes).

      • stmok
      • 12 years ago

      Have you even been in Google? There really isn’t any QA. Everyone does their own thing…Why do you think almost everything they release is Beta for so long?

      And the smart arse comment about the “many eyes” philosophy only works well when the community develops the software from its beginnings…This is true with Linux itself. (Android isn’t a community initiated project. This is a Google one. It takes time to see what and how they implemented things.)

        • tfp
        • 12 years ago

        Whatever it was the responsibility of the company that made the phone and used the Google OS to test that out as well. For all you know this is something they should have disabled within the build configuration and did not.

        There is more then enough blame to go around.

    • Hattig
    • 12 years ago

    This is a total wtf moment.

    Why was this man texting his tech support advice to this woman, when he could have been talking to her, perhaps face to face?

      • derFunkenstein
      • 12 years ago

      did we read the same article? He said he’d rebooted (she asked hwy he hadn’t replied, and his answer was “reboot”, obstensibly indicated that he’d rebooted) and then teh phone rebooted.

        • Hattig
        • 12 years ago

        I read a different article that paraphrased it different, as in he was giving a girl tech support via text messaging.

          • Anomymous Gerbil
          • 12 years ago

          Huh? Sometimes asynchronous conversations are appropriate. Who knows maybe one or both were in meetings, or otherwise busy.

    • ScythedBlade
    • 12 years ago
      • TheBob!
      • 12 years ago

      God Help anyone that types that. lol

      • UberGerbil
      • 12 years ago

      Wait, you’re saying Linux doesn’t protect me from deleting files? But, but, all those people in the AVG thread are criticizing Windows because it doesn’t protect or recover from a deleted system file. I thought Linux would not only stop /[

        • Firestarter
        • 12 years ago

        It won’t protect you because it would most likely break some arcane script/program, therefore it stays.

        But Windows is like totally dragging 10 tons of compatibility baggage around, so clearly anything Unix beats the crap out of M$ shit!

        • stmok
        • 12 years ago

        Linux doesn’t protect you from being an incompetent user. Its up to you to learn and understand what you’re doing and why.

        Why do you think a Linux user is typically more knowledgeable than a Windows or OSX one? Because we’re put into a position where we learn and become responsible for our system. We learn good computing practices…If that’s the price we pay, then I’ll gladly pay it.

        As I know I will benefit in the long term scheme of things.
        (ie: No longer need to budget for software licenses. No need to worry about DRM or other “anti-piracy” validation schemes. Don’t need anti-malware apps to make me “feel safe”. Optimise the system to meet my exact needs. I can pick when I want to upgrade. etc etc).

          • just brew it!
          • 12 years ago

          …but not all people have the time or inclination to delve into things to that level. Joe Sixpack isn’t going to learn how to do stuff from the command line.

          Ubuntu has made huge strides toward making Linux friendly to non-technical people, while still allowing power users to get under the hood and customize to their hearts’ content. It can still be a bit “fiddly” though… there are still rough corners, and they tend to be a bit too bleeding edge at times, rolling out new upstream versions of packages (or even the OS kernel!) that aren’t ready for prime time. The recent 8.10 release is an example of this, unfortunately…

          Don’t get me wrong, I love Linux. At work, I spend more time in Linux (Ubuntu and Debian) than Windows these days; and it is only a matter of time before I make that transition at home as well. But I can see how the Joe Sixpack crowd might run into some difficulties, if they don’t have a Linux geek in the family.

      • Forge
      • 12 years ago

      You don’t need sudo. If you RTFA, the console receiving the commands is a ROOT SHELL.

        • Nitrodist
        • 12 years ago

        ****ing owned!? I don’t know, they were both pretty nerdy… maybe they just cancel each other out.

Pin It on Pinterest

Share This