Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Android Google Security Technology

Gaining a Remote Shell On Android 124

Posted by Soulskill from the poking-google-with-a-stick dept.
SharkLaser writes "The security of Android devices has come under scrutiny in recent months. Android Market has been plagued with a number of trojaned apps, and researchers have identified various root exploits and permission leaks that can be exploited, for example, to send premium rate SMSs. Now researcher Thomas Cannon of ViaForensics is demonstrating a method for setting up remote shell on an Android device without using any exploits or vulnerabilities. The security hole is not new, and it has been pointed out for a number of years, but Google has yet to fix it. The method works on various versions of Android, up to and including the newest Ice Cream Sandwich."
This discussion has been archived. No new comments can be posted.

Gaining a Remote Shell On Android More

Gaining a Remote Shell On Android

Comments Filter:

  • Or Just a Local Shell (Score:5, Insightful)

    by Doc Ruby ( 173196 ) on Tuesday December 20, 2011 @09:20PM (#38443154) Homepage Journal

    Until my phone's Android lets me run the Android Perl shell app on it without rooting, it's not "open", no matter what Google says. The source code might be open, at least "open readonly", and the binary might be "open execute" by hackers onto unauthorized hardware. But the OS instance is not open if it's not open to me as a user to invoke its API with an app that can do the job.

  • This isn't even close to new (Score:4, Insightful)

    by StealthHunter ( 597677 ) on Tuesday December 20, 2011 @09:21PM (#38443164)
    Woah, if you install an app, it can do stuff! Presentations (Defcon 18), numerous student thesis and a number of academic papers do nearly (or exactly) this. (agreed that apps w/o INTERNET permission probably shouldn't be able to leverage the browser, etc, but again, not new or newsworthy)

  • Re:Firewall (Score:2, Insightful)

    by Anonymous Coward on Tuesday December 20, 2011 @09:24PM (#38443186)
    And if you don't have root, you can use one of the many remote root exploits to give yourself root access.

  • Why does Android forbid root to the owner? (Score:5, Insightful)

    by Morgaine ( 4316 ) on Tuesday December 20, 2011 @10:04PM (#38443470)

    This is a question which doesn't seem to get asked much, probably because Google is an unmovable behemoth that's not really interested in the owners of devices, but only in advertisers. Nevertheless, it needs to be asked.

    These cellphones and tablets belong to us, they don't belong to the device manufacturer, nor to the cellphone service operator, and even less to Google. They are ours. So why are we, the owners, forbidden direct root access to our own devices? It's like owning a Linux desktop without root, or owning a Windows machine and not being allowed Administrator access.

    It's daft, and it's completely wrong.

    Currently the crackers seem to have easier access to root than the device owners. Google, stop navel gazing and caring only about profit, and do something for users for a change. Add to standard Android a legitimate method for users to have access to root on their own devices, so that "rooting" becomes a thing of the past. It's not your right (nor anyone else's) to deny it.

    Morgaine.

  • Re:TFA is blank (Score:4, Insightful)

    by A nonymous Coward ( 7548 ) on Wednesday December 21, 2011 @12:29AM (#38444454)

    Amazing web page. A security page that requires javascript to display. If you look at the source, the entire readable content a dozen short paragraphs at the end, each written on one line, and being mere verbaige around the real content, which is a video hosted elsewhere.

    Somehow I don't think I'll be taking any of this site's suggestions very seriously.

Slashdot Top Deals

They are relatively good but absolutely terrible. -- Alan Kay, commenting on Apollos

Close