In association with heise online

06 November 2008, 12:15

Root rights on Google's Android

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The PTerminal program available from the Android Market can be used to allow a user to log in remotely to HTC's G1 Android smartphone and explore the underlying Linux system with root rights. The terminal program allows the user to run telnetd, the Telnet daemon, on the smartphone. With this running, the user can then use a telnet client to log into the phone. Upon logging in, the user will find that they have root rights and can manipulate any file on the system. Interestingly, the telnetd program does not appear to be set to run setuid-root, posing questions on how Android's security model works.

This trick means it can only be a matter of hours until the first SSH daemons and many other applications for the G1 appear, that run natively on the Android platform's Linux system, instead of in the Java/Dalvik "sandbox" that applications downloaded from the Android Market normally run in.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit