Epic Android bug interprets your typing as system commands
The philosophy goes something like this: the great thing about Linux is that it's secure, and the great thing about open-source software is that it's thoroughly and constantly vetted for robustness. So to that end, Android should be pretty rock solid, right? Perhaps, but the overwhelming enormity of this particular bug definitely gives us pause. It turns out that G1 firmware revisions RC29 and earlier literally interpret everything you type as command-line operations, so if you happen across a legit command, it's going to get executed -- with superuser permissions, no less. No, seriously. Just go to the messaging app, the browser, or anywhere else a text box is convenient, type "reboot," press the enter key, and watch magic happen. We've tested this on two G1s, both with RC29 firmware, and have gotten this to consistently work on one of the two, so your mileage may vary -- but either way, this needed to get patched on the double. Fortunately, Google's been quick about it, rolling a fix into the RC30 build that's being rapidly pushed to users as we speak, but man... how did that get through?
Filed under: Cellphones, Handhelds
Reader Comments (Page 1 of 3)
Ray @ Nov 8th 2008 8:49PM
Maybe this will lead to open linux on android.... maybe.
Eric @ Nov 8th 2008 8:53PM
No.
Bobby @ Nov 8th 2008 10:00PM
ehem ... how about iphone ?
Andy TGD @ Nov 9th 2008 6:00AM
ehem ... how about copy and paste ?
sideshowRaheem @ Nov 8th 2008 8:52PM
To repeat my comment from a few days ago "WTF my phone is still on RC19!"
Josh @ Nov 8th 2008 8:53PM
I looked at the code that constituted this bug, and it was a couple lines. I think this is a result of andriod being rushed to production, but it's an easy fix. Even the big boys mess up every once in a while.
The good news about this is that Android has a working and usable shell in there somewhere. I hope the community will capitalize on this; I would love a phone that I could execute bash commands on. Makes it a powerful tool.
ducky @ Nov 9th 2008 12:15AM
iPhone does that, what's your point?
I'm not a fanboy, just stating a fact.
Kevin @ Nov 9th 2008 4:17AM
True, but if you replaced the words "Google" and "Android" with "Microsoft" and "" then I'm pretty sure the uproar on the interwebs would be insane. Google gets way too many "get out of jail free" cards these days.
Guava @ Nov 9th 2008 12:17PM
Microsoft would let you view the source?
Randavance @ Nov 9th 2008 5:46PM
sudo apt-get moo
John @ Nov 8th 2008 8:53PM
My friend told me about this after I had logged onto my mobile banking service on his phone to check the balance on my debit card. I sent myself a text saying "reboot;" and then "cd ~;rm *_history;" from his phone.
noel @ Nov 8th 2008 8:54PM
yup def reboots for me.. not in the browser though.. seems to only work like on a blank message.. then type reboot
rhcpsfan @ Nov 9th 2008 12:37AM
!!!!!!!If you have a android phone type " reboot " and then press enter to see your true love!!!!!!!!!!!!
mongoos150 @ Nov 8th 2008 8:55PM
Epic fail...
Rotaryfan @ Nov 8th 2008 9:03PM
that's actually an understatement. somehow. I guess that isn't something you ordinarily test for though.
This isn't going to help google's reputation. Although it will make apple look better.
o29 @ Nov 8th 2008 9:26PM
Am I the only one that's terribly sick of the words fail, win, and epic?
www.thesaurus.com
DBrim @ Nov 8th 2008 10:06PM
Majestic flounder?
John @ Nov 8th 2008 11:01PM
Great, now I'm going to think of a Magikarp whenever somebody says "epic fail".
dave @ Nov 9th 2008 7:12AM
heroic abort
Student Driver @ Nov 9th 2008 8:31PM
Damn, I would use "majestic flounder" all the time, but "MF" could be a problem...
dotAaron @ Nov 8th 2008 8:58PM
Wow, I'd be a paranoid android if that was happening :) Epic security hole
iEye @ Nov 8th 2008 9:05PM
copy
OCEAN 'CLAK' 20th @ Nov 8th 2008 9:43PM
highest rank
dotAaron @ Nov 8th 2008 8:58PM
Wow, I'd be a paranoid android if that was happening :) Epic security hole
iEye @ Nov 8th 2008 9:06PM
paste
ybd @ Nov 8th 2008 9:08PM
Heh, it's like this message is a water reflection of the above one
OCEAN 'CLAK' 20th @ Nov 8th 2008 9:45PM
lowest rank
sonofacpu @ Nov 8th 2008 9:48PM
The thing that's missing from the iPhone
why not the LS2LS7? @ Nov 8th 2008 9:03PM
Type ctrl-D reboot and I bet you'll see it works on every unit that's running RC29 or earlier.
ryaninc @ Nov 8th 2008 9:09PM
Yep, definitely reboots. But as far as I know, I've never executed any other random commands by accident. And I could only get it to reboot by pressing Enter, then typing "reboot" then pressing Enter again.
John @ Nov 8th 2008 9:32PM
that's because you have to have a blank line and then press enter after the command immediately.
Zinger314 @ Nov 8th 2008 9:12PM
So, I typed "selfdestruct" and I got an error: "G1 CANNOT SELF TERMINATE."
Man, it's good.
computer.dude.28 @ Nov 8th 2008 9:12PM
I can't believe it took this long for anyone to notice.
Shadyman @ Nov 9th 2008 2:30AM
I can't believe no one types "rm -rf /" very often.
Gabagool @ Nov 8th 2008 9:18PM
who cares
OCEAN 'CLAK' 20th @ Nov 8th 2008 9:24PM
they should close the OS, remove copy and past, and give less control like apple dose then problems solved
Mattisdada @ Nov 8th 2008 9:31PM
They probably had it able to excecute commands during testing period, so it was easy to change things if wrong. So, a rushed relese is probably the reason,''
And at OCEAN CLAK 20th: But thats the problem with most Apple software, you have 0 freedom, its so restricted its not funny.
loosely_coupled @ Nov 9th 2008 12:07AM
That is incorrect. Apple's OSX is like any other closed source OS, and there are no restrictions on 3rd party development or low-level access into the kernel or APIs.. Their end-user software on the Mac is like any other closed-source software with many apps having plugins, scripting, and other forms of extensibility. The iPhone OS is treated a bit different and 3rd party apps are restricted to a degree, but it is very simple to jail-break an iPhone or iPod Touch and remove all restrictions..
You can easily get SSH and a shell going on the iPhone with all of the *nix utilities, scripting environments, etc.
Kelmon @ Nov 9th 2008 12:40PM
I'm not going to debate what freedom is or is not available on an Apple product. What I will say, however, is that if the software does what you want and you do not feel restricted by it, do the barriers that may or may not exist even matter?
Leo @ Nov 8th 2008 9:31PM
Wait, you mean that if I just type reboot-
John @ Nov 8th 2008 9:33PM
no, you have to type reboot on a blank line then enter before you type anything other than spaces until you type a semicolon.
Leo @ Nov 8th 2008 9:40PM
That's not what the article says but whatever, I wouldn't know.
Le Master @ Nov 8th 2008 9:33PM
Am I really going to be the one to have to say it? Fine...
Someone fix the spelling of "intepret" in the title before some of us lose our damn minds.
John @ Nov 8th 2008 11:03PM
Spell check si for quiters!
Kizul Emeraldfire @ Nov 8th 2008 11:51PM
Bad spellers of the world, untie!
deyanimay @ Nov 9th 2008 6:24AM
By your powers combined i am captain spellchecker.
Jay @ Nov 9th 2008 1:36PM
They fixed it. Way to ruin our fun.
nick nicky @ Nov 8th 2008 9:34PM
Close the system, this is crazy...90% of the individuals who TMO wants to sell this phone to are gonna freak out with all this crazy stupidity. I can smell a lawsuit brewing this is destroying the TMO brand. If this crap doesn't get fixed I'm returning this phone. Let alone the software is pure crap bug hell, the hardware is even worse. I'm on my third G1 due to the stupid slide screen mechanism defect.
why not the LS2LS7? @ Nov 8th 2008 10:41PM
This isn't an open/closed system error. It's just a bug. The proper admonishment would be "get your quality right before you release it".
Reader @ Nov 9th 2008 2:05AM
Knew I wouldn't have to look far in your comments for proof that you don't have a G1, and also an apple fanboy:
Sep 23rd 2008 6:12PM
"I still have the old 2G iphone and my average for the past 6 months have been 6.1GB a month. Then again I am constantly on the net or listening to streaming music or watching videos. With the launch of the app store and a good month of using the apps my usage went up about 2GB with all the great apps on there. Yeh, I would be up the creek with the android. Plus the iphone has dozens more apps then the android has as of today."