Linked by David Adams on Sun 9th Nov 2008 16:50 UTC, submitted by Hakime
Bugs & Viruses There's a bug in Android that crosses over from the realm of serious into self-parody: "It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!"
Kroc Member since:
2005-11-10

Too bad? Too bad?
This is an absolute disaster.
It is an unmitigated failure.

How can you paint a complete failure to protect the customer's personal data and security as a good thing and "proof of the power of open source"?

If it were Microsoft or Apple, they would be instantly ripped a new one.

A bug like this might write Android out of the enterprise market, permanently.

Score: 13

irbis Member since:
2005-07-08

A bug like this might write Android out of the enterprise market, permanently.

Good points, but Android is still very, very young, practically beta only. Most people haven't even considered purchasing the product yet for that exact reason.

We all know that new products quite often have many bugs, although maybe not as serious as this one, usually. Making permanent judgments may thus be a bit early.

If seen from a positive point of view, hopefully the Android team will now learn their lessons from this, permanently, and there will never be security announcements as serious as this one for Android again. It is up to them, and only time will tell.

Score: 5

Kroc Member since:
2005-11-10

Aye, I agree, this needs serious action from Google. Their whole security review process needs reviewing.

Score: 3

google_ninja Member since:
2006-02-05

The fact that this made it to beta is pretty bad...

Score: 1

aesiamun Member since:
2005-06-29

A beta product should never be sold with a 2 year contract attached to it.

Score: 5

joshv Member since:
2006-03-18

The T-Mobile G1 is less a beta product than the release version of the iPhone 3G was. Now T-Mobile's 3G network - *that's* a beta product.

Score: 1

christianhgross Member since:
2005-11-15

Oh give me a break...

As one Android individual said to me, "This will be the hottest phone on the planet! Bigger than iPhone!"

YEAH RIGHT!

What the Google people need to do is get back to planet Earth... This company reminds me very much of Netscape in its heyday.

Around 1996 I attended the only conference Netscape ever held. And it was at that time I said, "Netscape is dead." While Google might not be dead, Google is not going anywhere quick...

Score: 0

ari-free Member since:
2007-01-22

Good points, but Android is still very, very young, practically beta only.

Everything Google is beta.

Score: 2

darknexus Member since:
2008-07-15

Because open source zealots must see anything that open source does as good, no matter what. It is a religion to them, and like all religions they must twist everything and anything to validate themselves, at least in their own eyes. I wish they'd put down their Kool-Aid, or meth, or whatever the hell they're addicted to and look around for a bit. This is a nasty security bug. Great that we know about it. But hmm, this is worse than a lot of them we've seen come out of either MS or Apple in the past few years... and they were rather open about most of their security issues too once they were being patched. This is no different, open source or no open source.

Score: -1

Almindor Member since:
2006-01-16

Um... Android might be "open source" by the definition of the word, but it was not DEVELOPED open source.

It was developed closed source and then released, so what you see here is typical corporate closed source software quality... after review too.

If it was OSS from the get-go this wouldn't have got past 0.1.

Score: 8

renox Member since:
2005-07-06

As with Apple, Google can update the firmware remotely, so this bug won't last long, so the bug in itself won't be present for long.

As for the psychological impact, it's harder to guess: on one hand this bug required physical access, so on a normal scale it should be seen as less severe than a remote exploit, but as the title of the article shows ('worst bug ever'), the 'simplicity' of the 'exploit' makes it appear worse than it is.

It's not the first time that debug code which stays in production creates vulnerability issues: I remember an Ubuntu version where the installer showed the root password in clear in its logs.

Score: 4

DigitalAxis Member since:
2005-08-28

And that was pretty dumb too.

I don't know; when I think open software, on the one hand I think limitless potential, on the other hand, I think 'how many people are going to exploit this for malicious purposes?'

If it's open and someone's watching, they'll be found out pretty quick. On the other hand, Google seems to have beaten them to it, shipping software that COMES with a rootkit preinstalled. Hooray!

Score: 1

hobgoblin Member since:
2005-07-06

I wonder how long it would take Microsoft to roll out a patch if a similar issue showed up in Windows Mobile...

Score: 2

joshv Member since:
2006-03-18

Calm down.

"How can you paint a complete failure to protect the customer's personal data and security, a good thing and "proof of the power of open source"?"

I have a G1 phone, with the bug. Can you please explain to me how my personal data and security are at risk? I imagine I could type 'telnetd' and connect to my wireless network, and then forward port 23 to my phone. Even if I were so stupid, probably nothing would happen. Not much malware out there looking for idiots who launched telnetd on their phone and then opened it up to the Internet.

Score: 3

3rdalbum Member since:
2008-05-26

Kroc: Apple introduces ridiculous security problems all the time; admittedly none exactly like this, but some pretty dumb schoolboy ones. Sometimes it doesn't fix them for close on a year. There are very few people who bother to criticise Apple for this.

Score: 1