Gaining a Remote Shell On Android 124
SharkLaser writes "The security of Android devices has come under scrutiny in recent months. Android Market has been plagued with a number of trojaned apps, and researchers have identified various root exploits and permission leaks that can be exploited, for example, to send premium rate SMSs. Now researcher Thomas Cannon of ViaForensics is demonstrating a method for setting up remote shell on an Android device without using any exploits or vulnerabilities. The security hole is not new, and it has been pointed out for a number of years, but Google has yet to fix it. The method works on various versions of Android, up to and including the newest Ice Cream Sandwich."
Or Just a Local Shell (Score:5, Insightful)
Until my phone's Android lets me run the Android Perl shell app on it without rooting, it's not "open", no matter what Google says. The source code might be open, at least "open readonly", and the binary might be "open execute" by hackers onto unauthorized hardware. But the OS instance is not open if it's not open to me as a user to invoke its API with an app that can do the job.
This isn't even close to new (Score:4, Insightful)
Re:Firewall (Score:2, Insightful)
Why does Android forbid root to the owner? (Score:5, Insightful)
This is a question which doesn't seem to get asked much, probably because Google is an unmovable behemoth that's not really interested in the owners of devices, but only in advertisers. Nevertheless, it needs to be asked.
These cellphones and tablets belong to us, they don't belong to the device manufacturer, nor to the cellphone service operator, and even less to Google. They are ours. So why are we, the owners, forbidden direct root access to our own devices? It's like owning a Linux desktop without root, or owning a Windows machine and not being allowed Administrator access.
It's daft, and it's completely wrong.
Currently the crackers seem to have easier access to root than the device owners. Google, stop navel gazing and caring only about profit, and do something for users for a change. Add to standard Android a legitimate method for users to have access to root on their own devices, so that "rooting" becomes a thing of the past. It's not your right (nor anyone else's) to deny it.
Morgaine.
Re:TFA is blank (Score:4, Insightful)
Amazing web page. A security page that requires javascript to display. If you look at the source, the entire readable content a dozen short paragraphs at the end, each written on one line, and being mere verbaige around the real content, which is a video hosted elsewhere.
Somehow I don't think I'll be taking any of this site's suggestions very seriously.