root
Latest
Roku jailbreak gives users control over what channels they install
Now you can get root access on Roku devices and install your own software.
iRobot enters the classroom with acquisition of Root Robotics
iRobot, the company behind the Roomba, is about to do more than vacuum your house, mop your floors and mow the lawn. Today the company announced that it's acquired Root Robotics, and it will add the Root educational coding robot to its lineup.
Apple's macOS 'root' bug can be reopened by updating
After news broke of a devastating security flaw in its most recent version of macOS, Apple responded quickly by releasing a patch. Installing Security Update 2017-001 on either macOS 10.13 or 10.13.1 will resolve a problem that allowed anyone to login with admin access simply by typing the username "root" and leaving the password blank, but people have discovered there's another wrinkle. As Wired mentions, if someone is still on the initial release of High Sierra (10.13), and installs the patch, then later updates to 10.13.1, then the security flaw will return. It can be fixed by reinstalling the patch, but it's important for users to know that the computers won't restart itself, and it needs to be restarted before it will be secure. It's hardly impossible, but it could leave people insecure even if they think they've installed patches the right way, and probably explains why (when they can) companies wait for more testing before rolling out a patch. tl;dr: Mac owners, mash that update button -- reboot, check again to make sure you have all the updates, and if they need to install then reboot your system again once they're done. If you have any problems afterward with file sharing, then just take a look here for a fix.
Apple fixes macOS bug allowing full access without a password (updated)
It didn't take long for Apple to patch that nasty macOS High Sierra flaw that let intruders gain full administrator access (aka root) on your system. The company has released Security Update 2017-001, which should prevent people from gaining control over a Mac just by putting "root" in the username and hitting the Return key a few times. Needless to say, you'll want to apply this fix as soon as you can if you're running Apple's latest desktop OS.
macOS High Sierra bug allows full admin access without a password
If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone gain admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff.
ICYMI: Underwater robot snake, Earth's ocean saving and more
#fivemin-widget-blogsmith-image-54715{display:none;} .cke_show_borders #fivemin-widget-blogsmith-image-54715, #postcontentcontainer #fivemin-widget-blogsmith-image-54715{width:570px;display:block;} try{document.getElementById("fivemin-widget-blogsmith-image-54715").style.display="none";}catch(e){}Today on In Case You Missed It: Princeton researchers discovered ocean currents can move most anything around the globe within 10 years; which could help replenish dying ecosystems... and also spread around pollution. Norwegian engineers came up with a mechanical snake for underwater sea inspection and simple repair jobs near oil drills. And Harvard wants to encourage kid programming with a new robot that can be used by kindergartners to high schoolers. Once that's conquered, the answer is clearly to make the MIT open-source duckcar. As always, please share any great tech or science videos you find by using the #ICYMI hashtag on Twitter for @mskerryd.
Google warns of Android flaw that lets attackers hijack phones
Rooting (that is, using a security flaw to gain control over an operating system) is a staple of the Android enthusiast world, but it's also used by would-be attackers... and Google just offered a textbook example of this problem. It's warning of a vulnerability in Android's Linux-based kernel that lets apps get root access, giving intruders free rein over your device. And this isn't just a theoretical exercise -- Zimperium (which discovered the Stagefright bug) says it has spotted publicly available apps that make use of the hole.
New strain of Android malware is 'virtually impossible' to remove
Do you remember the bad old days of computer viruses so invasive that it was easier to nuke your software and start over than fix the problem? They're back... in mobile form. Lookout has noticed a trend toward Android malware that masquerades as a popular app, but quietly gets root-level access to your phone and buries itself deep in the operating system. If that happens, you're in serious trouble. Unless you can walk through loading a fresh ROM or carefully modify system files over ADB, it may be easier to just replace the device, or have your phone company reflash it -- a simple factory reset won't get the job done. Some of the bogus apps are little more than shells for ads, but others will work properly while they compromise your device.
Samsung Pay doesn't work on rooted phones
Bad news, power-users: if you habitually root every smartphone you put in your pocket, you won't be able to use Samsung Pay. Users participating in the South Korean trial program have learned that devices with unrestricted access to the file system have been blocked from using the service. "Access denied," reads the app's error message. "Samsung Pay has been locked due to an unauthorized modification."
Chromecast software vulnerability paves way for another root exploit
Google regularly rolls out Chromecast updates that plug up previous root-friendly exploits, but there's a new method you can use if you want complete control over your streaming device. A group of hardware hackers (fail0verflow, Team Eureka and GTVHacker) have not only discovered a vulnerability in the latest Chromecast software, but also developed a way to exploit it and give you root access. This lets you tinker with the HDMI dongle, enable and disable stuff like software auto-updates and change any setting you wish, among other things. The team's calling it "HubCap," and it works on both newly updated and brand new, fresh-out-the-box Chromecasts. You'll need extra hardware to make it happen (a USB development board called Teensy used to root PS3s back in the day), but if you're dead set on rooting your Chromecast, head over to XDA Developers for the full set of instructions. [Thanks, CJ]
Nest Learning Thermostat has its security cracked open by GTVHacker
While we wait for Google I/O (which starts tomorrow) to find out what will become of the company's TV platform, a team that we've seen bust open the padlocks on Google TV, Chromecast and Roku has a new target. GTVHacker just revealed an exploit for the (now Google-owned, and owner of Dropcam) Nest Learning Thermostat. It could let owners do new and interesting things (like replace the Nest software entirely) but of course, someone with bad intentions could take it in another direction: monitor whether the owner is home via its motion detector, sniff network traffic, or just crank up the temperature a few degrees -- all without even opening the device. Interested in how the hack works? Like most jailbreaking techniques we've seen on mobile and home connected platforms it requires physical access to the device, so you don't have to worry bout someone wardriving down the block and wreaking havoc with your A/C. Check after the break for more details and a video, and if you're headed to DEFCON in August, the team has a demonstration planned that's oh-so-comfortingly titled "Hack All the Things." Update: Nest has responded, saying the team's software "doesn't compromise the security of our servers or the connections to them and to the best of our knowledge, no devices have been accessed and compromised remotely." [Image credit: gpshead/Flickr]
Roku player software cracked open temporarily, root now to run XBMC later
Roku's line of set-top boxes have been popular thanks to their simple controls, large set of available apps (recently expanded to include YouTube for the new Roku 3) and hardware ranging in price from inexpensive to downright cheap. Still, despite an active and encouraged developer community with custom channels and well-supported media player apps like Plex, the hardware has remained largely on lockdown -- until now. The GTVHacker team that previously unlocked Google TV and Chromecast has found a way to run its commands as root on any Roku 2 or Roku 3 using the most recent software version (unfortunately, that does not at this time include Sky TV's cheap Now TV player, which runs on older software). While the player overall is credited as "considerably more secure than others in the entertainment field" (Samsung comes to mind but it's from from the only one) a development password field provided a way in. Currently they've only achieved persistence on the Roku 2, which in this case means they can maintain control even after the box reboots by breaking the secure boot process and modifying the initial boot loader. Since Roku 2 runs on the same Broadcom chip used by the popular Raspberry Pi, team member CJ Heres expects to see ports for third-party home theater PC software like XBMC very quickly. The Roku 3 will be a bit trickier since it runs on different hardware, and right now it needs to have the command entered each time the box starts. Those well-versed in using the command line should find the process simple. A WGET command entered via the development password field pulls down a script -- available from the GTVHacker team -- that makes sure you have the right box and does all the dirty work before rebooting, leaving you with a rooted box, as seen above. Hardware level access on mobile platforms has lead to a number of custom software projects and we'll have to see if the same path is followed here, but if all this does is create a simple $40 XBMC box, it's probably still worth looking into -- and quickly, the team expects this security hole will be patched soon.
Chromecast update breaks root-friendly exploit
We hope you weren't planning to tinker with your Chromecast this weekend. GTVHacker has confirmed that a recent firmware update to Google's streaming media stick plugs the bootloader exploit that many are using to get root access. Some XDA-Developers members have tried maintaining root by flashing recovery images and disabling signing keys, but those aren't reliable solutions -- we've seen a few reports of bricked Chromecasts. If you're cautious, it may be best to wait until more adventurous owners find a vulnerability in Google's newer code.
Redbox Instant app for Android updated to work on rooted devices
When Redbox Instant's mobile apps launched earlier this year some users noticed that it refused to work on rooted Android hardware. Now a new update, noted in the log as "changed the way we handle rooted devices," is allowing playback no matter what your superuser status is. Many other premium video apps (but not Netflix, for example) have similar blocks on rooted / jailbroken mobile hardware, although users can usually work around them. Still, it's annoying and mostly unnecessary especially since the block is so easily overcome, so it's good to see Redbox making the change. The ban on rooted hardware and its limited library of subscription streaming content -- although it does throw in the convenience of kiosk rental credits -- have been the source of a large number of negative reviews for the app, hopefully with one looming issue out of the way the other will be addressed shortly.
Google Glass exploration demonstrates a hidden browser and more (video)
While it's known that Google Glass has in-testing features just waiting to be exposed, we haven't seen many attempts to reveal them all. Zhuowei Zhang has stepped in with a complete list of what's under the hood, and it turns out that some of those features work... more or less. After modding the latest Glass firmware, Android Police can confirm that there is a functional Chrome browser lurking inside; Google just hasn't woven it into the user experience. Other Labs features produce similarly mixed results. OK Glass Everywhere lets users easily start a voice command chain from anywhere in the interface, but a video stabilization mode clearly isn't ready for prime time. Although you'll want to visit the source links for the full rundown, it's evident from just a cursory glimpse that Glass has plenty of room to grow.
Google Glass gets a one-stop shop for downloads, including a rooted image
Early Google Glass owners are dominated by developers and tinkerers, so it's only fair that they get easy access to the downloads they need. Appropriately, Google has quietly set up a page that centralizes both Glass images and kernel source code. The company has even saved owners from having to hack their eyewear the hard way -- one image comes pre-rooted for those willing to toss caution (and their warranties) to the wind. Most of us can't take advantage of these downloads for about a year or more, but those with early access can swing by the new code hub today.
Google Glass rooted and hacked to run Ubuntu live at Google I/O
Today at Google I/O the company held a session entitled "Voiding your Warranty" where employees demonstrated how to root Google Glass and install Ubuntu on it. What you're seeing above is a screenshot from a laptop running a terminal window on top and showing the screencast output from Glass on the bottom -- here running the standard Android launcher instead of the familiar cards interface. The steps involve pushing some APKs (Launcher, Settings and Notepad) to the device using adb, then pairing Glass with a Bluetooth keyboard and trackpad. After this, it's possible to unlock the bootloader with fastboot and flash a new boot image to gain root access. From there you have full access to Glass -- just like that! Running Ubuntu requires a couple more apps to be installed, namely Android Terminal Emulator and Complete Linux Installer. The latter lets you download and boot your favorite linux distro (Ubuntu, in this case). You're then able to use SSH or VNC to access Ubuntu running right on Glass. We captured a few screenshots of the process in our gallery. Follow the links below for more info -- just be careful not to brick your Glass okay? %Gallery-188641%
Google releases Glass kernel GPL source, lets developers have at it
While our own Tim Stevens is currently adapting to life with Google Glass, developers are going beyond scratching the surface and actually starting to fiddle with what's inside. Hot on the heels of Jay Freeman rooting Glass, Google's throwing devs a bone by publicly releasing the kernel source. Interestingly, Karthik's Geek Center spotted info within the file that points to Glass potentially being equipped for NFC support. If you're up for tinkering, you'll find the temporary location of the tar.zx file itself at the source link.
Developers gain root access on Google Glass, not yet sure what to do with it
Access to Google's Glass headsets is still limited to a lucky few, but that's more than enough to include several curious coders. Some have had success identifying the hardware contained within, but others are focusing on the software. Cydia founder Jay Freeman posted the above image on Twitter this afternoon to show that he had gained root access on his unit, telling Forbes he relied upon a well-known Android 4.0.4 exploit to take control of its OS. The bad news? He hasn't been able to use it much yet, since the Explorer edition isn't quite ready for prescription glasses wearers. For now, the question of whether the same technique will work on eventual retail versions remains unanswered, as well as what it's actually going to be useful for. Steven Troughton-Smith suggests developers can use it to try out more complicated apps than Google currently allows, including always-on heads-up displays or camera apps. Overcoming any remote deactivation Google may try to enforce or loading your own unauthorized apps are also definite possibilities, though we're sure others will surface soon.
Root exploit unearthed for Snapdragon-based Galaxy S 4
Inventory delays may stifle prospective Galaxy S 4 owners, but such pesky hurdles appear to have little effect on Android's development community. An XDA-Developers member by the name of "djrbliss" has constructed a root exploit for Snapdragon-powered variants (see: all US carrier versions) of Samsung's newly christened flagship. While burrowing into your phone's software always carries some risk, the bold will find a complete how-to at the source link below.
