There's a bug in Android that crosses over from the realm of serious into self-parody: "It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!"
To read all comments associated with this story, please click here.
Member since:2005-11-10
Too bad? Too bad?
This is an absolute disaster.
It is an unmitigated failure.
How can you paint a complete failure to protect the customer's personal data and security, a good thing and "proof of the power of open source"?
If it were Microsoft or Apple, they would be instantly ripped a new one.
A bug like this might write Android out of the enterprise market, permanently.
Member since:2005-07-08
Good points, but Android is still very, very young, practically beta only. Most people haven't even considered purchasing the product yet for that exact reason.
We all know that new products quite often have many bugs, although maybe not as serious as this one, usually. Making permanent judgments may thus be a bit early.
If seen from a positive point of view, hopefully the Android team will now learn their lessons from this, permanently, and there will never be as serious security announcements for Android again. It is up to them, and only time will tell.
Member since:2008-07-15
Because open source zealots must see anything that open source does as good, no matter what. It is a religion to them, and like all religions they must twist everything and anything to validate themselves at least in their own eyes. I wish they'd put down their coolaid, or meth, or whatever the hell they're addicted to and look around for a bit. This is a nasty security bug. Great that we know about it. But hmm, this is worse than a lot of them we've seen come out of either MS or Apple in the past few years... and they were rather open about most of their security issues too once they were being patch. This is no different, open source or no open source.
Member since:2005-07-06
As with Apple, Google can update remotely the firmware so this bug won't last long, so the bug in itself won't be present for long.
As for the psychological impact, it's harder to guess on one hand this bug required physical access so on a normal scale it should be seen as less severe that remote exploit, but as the tittle of the article show 'worst bug ever', the 'simplicity' of the 'exploit' makes it appear worse than it is.
It's not the first time that debug code which stay in production create vulnerability issue: I remember an Ubuntu version where the installer showed the root password in clear in its logs.
Member since:2005-07-06
Member since:2006-03-18
Calm down.
"How can you paint a complete failure to protect the customer's personal data and security, a good thing and "proof of the power of open source"?"
I have a G1 phone, with the bug. Can you please explain to me how my personal data and security are at risk? I imagine I could type 'telnetd' and connect to my wireless network, and then forward port 23 to my phone. Even if I were so stupid, probably nothing would happen. Not much malware out there looking for idiots who launched telnetd on their phone and then opened it up to the Internet.
Member since:2008-05-26
Member since:
2005-07-14
Too bad about this bug - the first generation of anything is bound to be buggy.
Still, it's a good example of the open source development model leading to bugs being exposed and patched sooner.
Good on Google and the open source community for not simply keeping silent or sweeping it under the carpet. Proof of the power of open source.