Google has issued a fix to the G1 handset, to stop it executing commands just because they appear in an entered text message - preventing punters from rebooting the handset just by typing the word "reboot". The bug can hardly be called a security problem, given it requires access to the handset, but the fact that until the fix …
cat 0 > /proc/features/stupid/most
Looks like someone wasn't paying attention
when Apple made the same booboo of letting everything run as root on the iPhone.
There is no title
Nor do I have anything constructive to say about this. However for some reason I find the whole situation extremely funny and have been chuckling about it for five minutes now. I can just see someone showing their new Android phone off to their friends, comparing it to their iPhone and Blackberry and having the phone randomly reboot or some other thing. Much hilarity and laughing at said Android owner would occur. Thanks El Reg, now my co-workers think I'm totally out to lunch.
rm -rf would be worse? At least -r on its own would ask you before it committed user assisted suicide... ;)
Larry: Hey what's that command again?
Moe: rm -rf /
Larry: Thanks Moe, have you seen Curly?
Larry: You there Moe?
Can anyone please explain how that bug might have been created? As a programmer, I am at a complete loss to understand how such an error would occur.
Unless they're reading all your messages. Which would explain the black helicopter.
"It's hard to imagine the circumstances..."
No it's not: one techie sat in front of system, txts colleague for assistance... lots of potential for commands to be txted there! :-O
Get me one of those fancy G1 handsets!
Nice one Google!
Has anyone in the UK had an OTA update yet? It seems we are on a different build to the US. Mine is currently at kila_uk-user .10 RC5-RC7 112931, which is the initial version it came out of the box with.
So not really rushed to market then..
Anyone would think they rushed this to market, what with Xmas coming up, and marketshare being lost to the Jesusphone.. ("Jesus, why did I waste my cash on this iPhone crap..")..
I'm a Linux developer and I can't even begin to imagine how they managed to create such a stupid bug.
It's not hard to imagine.
You just get a bit drunk and decide to do something "funny".
A title should not be required
Hard to see when a text message contains 'rm -r'? Unlikely a message will contain the word 'reboot'??
Clearly, you've never done any form of out of hours support before, telling people how to fix things...
While reboot would be fairly rare, I can confirm that "stop" on a line by itself will freeze your G1, requiring you to remove the battery to get it to reset.
Just tried it and yes, it rebooted.
Let's hope T-Mobile send the patch out ASAP..
I would just like to point out
that during my spell as a Hell desk engineer I quite often got text messages from users with problems who were traveling or were doing work on the weekend, asking for some friendly out of hours support (as this was a best efforts deal, only the CEO or CIO actually called unless it was life and death). The rest, mostly work mates, would text me and hope I called or texted back with an answer. This would often contain the words reboot and restart in typical help desk style.
Thankfully those days are over and now I'm a systems engineer and my out of hours support is paid :-) but about 100 times harder :-(
What has "cancer" being in a T9 dictionary got to do with this story?
And what does a T9 dictionary have to do with a phone which has a full qwerty keyboard? Which doesn't lend itself to predictive text software at all?
Sounds to me like someone left a debugging flag set in the release build.
I can see the utility of this "feature" during testing. But you're right that it should have been caught before final release.
But that's what users are for in the open source world: cheap testers.
>Of course, not many messages contain the word "reboot"
That one did, and so does this one. Perhaps we should call it the R-word in future to spare all those Android users. Oh, forgot, there aren't any...
I can see it now...
Receiving an SMS from the NOC saying something along the lines of
"CRITICAL ALERT: REBOOT SERVER"
... and sending your G1 into an infinite loop!
RE: Uk Updates
Same, no updates for me yet..
That would be `sudo rm -rf /`, actually.
That makes me want to get a G1 even more. There must be loads of wacky bugs to find. Then it's just a case of setting up a website for people to share their creative ways of bricking a gPhone. What fun to be had...
The bug was created by piping /dev/console, nothing to do with Google's software itself but with the OS conf.
I can't deal with any more of these hilarious messages from El Reg.
So I'm going to try texting
to 0203 178 6500
..except it will freeze my Googlephone ahahahahaaaaaaaaa
(To the tune of Camptown Races)
rm -rf *
Doo dah, doo dah,
rm -rf *
Doo, doo dah day!
I wonder... does it just happen on texts you type yourself, or can received texts also trigger the command sequence? :)
Mind you, such a silly "bug" would certainly cause a few days of fun for wannabe BOFHs volunteering to offer "support" to Android (l)users :)
Paris, because. (Oh come on, I'm sure you can think of plenty of excuses for warranting her presence on this thread!)
typing "Refund" doesn't have the desired effect.
What kind of on-the-road tech support would call for the instructing of someone to remove the entire root file system?
Malicious commands like this, yes. Such things were rare but depressingly not unheard of even in the mainframe days (telling a trainee Univac operator to type a shifted 41 on the production console was one quick way to get him fired, for example), but a legit instruction to destroy a computer that you would send by text message?
Who would action such a message without verbal confirmation and an official written request?
Stupid Bug indeed
Erm, can't you guys see that it's a feature, and not a bug? I have an N800, and I know how difficult it is to open the terminal. Now that's what I call usability. I mean dude, you can type the commands from anywhere!! Even the guys @ Cupertino were not smart enough to implement this on the Jesus Phone. Pity they patched it now though.
But seriously, if this was on WinMo, everyone would go on ranting on how Microsoft's code is the "suxorz".
Funny how the I-used-to-be-an-IT-supporter types discuss the pros and cons of texting bewildered users "rm -r" and "rm -rf" messages like if it was daily routine...
Great way to annoy early adopters
Prima: "hey, i jst gt a G1, supr neat. opn src ftw, scrw ur ifone"
Secunda: "Yeah, did it reboot yet?"
Prima (some time later): "er, yeh"
Secunda: "What, your phone managed to reboot when you read a text message?"
Prima: "HEY, IT DID IT AGAIN!"
Secunda: [snigger, repeat until bored/patched]
re: Can anyone please explain how that bug might have been created?
Easy - they used a common interface to access underlying OS and text messages or maybe same UI with debug switch to disable OS access. Then when release time came found it worked OK in debug but not release/ or pressure from boss to get out quick and 100 other things forgotten
of course you do need to assume they aren't the best coders/lack experience of this type of project - and all sorts of stupid things can happen
but look on the bright side - if all coders were good, it would be much harder for us that are to shine :-p
NOT the world's most stupid bug
But it would be interesting to have a contest for it. I think the Register needs to be a bit more measured in their hyperbole. I like the style, but sometimes they go off the deep end.
Having said that, I'll admit that it was pretty egregious. The input buffer is executable by default? Weird.
Back to the original theme: They are even hyperbolic in their icons. I want to express disapproval, and the tombstone is sort of cute, but I'm not actually so steamed as to erase the bookmark.
How damn funny is that!!! All those developers, testers, groupies and a bug like that got through... My ribs are killing me...
Reminds me of...
...a major commercial radio group whose incoming text messaging system displayed incoming texts on a web page in the studio.
You guessed it already: it was possible to send HTML tags on which it would act, with hilarious consequences.. not least sending links to jpgs that would be displayed as inline images. Still it gave the DJs something to look at before playing another Coldplay record.
No titles are required this week
Hahahahahaha @ the early adopters.
Owned yet again.
@ Jimmy Floyd
> Can anyone please explain how that bug might have been created?
> As a programmer, I am at a complete loss to understand how such an error would occur.
To me it seemed quite simple - it's a linux box so it boots up and starts running startup scripts in /bin/sh. Let's say that shell is attached to the 'tty' (or handset). Normally, that /bin/sh process either exits or transforms into init or something like that. Often, exiting that process reboots the machine because it's the main session (think single user mode, logout, reboot)
So, you've got /bin/sh running with the tty attached. You spawn the phone interface "/software/google/phone/runme &" popping it into the background and then you're left with the /bin/sh running.
Every key typed still hits the /bin/sh because it still has the tty. Easily fixed - "exec" the runme process (or equivalent), exit the startup script (assuming that won't reboot the machine), close STDIN, whatever.
Something like that is probably what happened. Background process which opened the tty, probably during boot that never let go.
Funniest thing I've seen in ages, though!
So Android has remote firmware update?
I just read it remotely auto updates its firmware.
Nice for when you want to stop messages from a spam service then? Genius...
Why does Google need code that parses your text messages in this way (beyond lifting out numbers in cases they are telephone numbers)? What is it looking for? Is it speaking back to mother? Will you now get a "personal web experience" when your Android account gets paired up with your Google search/mail/apps account?
Google - they are the new evil.
@Er : malicious commands
In the early days of hacking (think just past 2600 phreaking) there were plenty of wannabees asking for hacking instructions and targets on IRC, and it was standard fare to tell them to target 127.0.0.1, grin.
Funny that, they always dropped out of the conversation afterwards :-)
Ah, those were the days..
Reckon the G1's text message editor was coded by an alias for a Mr S Ballmer?
At least it's only during composition
As the title says, at least it's only when you compose a text message. Imagine the fun you could have if you could just send a text to an Android phone with the word "reboot" in it.
I suppose not the daftest bug ever created. It's along similar lines to SQL injection bugs found on web servers. It does beg the question why the Android is parsing what is effectively a text entry field.
Makes my iPhone seem bug-free...
look in the code
Isn't the OS open source? If so, can't someone who understands such things look at the code & tell us why this 'feature' is in there?
As a programmer myself, I am at a loss to understand how this bug came to be. How in hell is their software structured?
So, you have a 'console' right, where you can type commands into the command line interpreter (CLI)?
The CLI parses your input against a known list of commands and executes the commands as it finds them.
Why would you ever (as the programmer) want to place the text of a received message through the CLI?
I can think of only one reason: It would give the network operator a facility to reconfigure your phone via SMS, like the 'network service' texts that one sometimes receives when roaming networks for example.
Damn. I think I've just answered my own question.
Oh dear. Nasty bug.
This would never have happened if the OS had been written in FORTH :-)
"It looks like there is a /system/bin/sh process running in the background with
/dev/console mapped to stdin. That has the effect that everything you type on your
keyboard is actually being executed as root in the background even though you don't
see the output."
Which means everything you type is being executed, most of it returns "<command>: not found", but do not under any circumstances send a text message about anything computer related or it'll run with root privileges.
Ye Gods, give me Symbian or even Windows Mobile any day. Who in their right mind would use one of these shiny new devices from a latecomer like Google or Apple to access a network if they're going to get billed for it?
Is this a bug? Surely, in all seriousness, this is a feature. Why else would it execute commands from what should simply be a large-never-executed-block-of-text-to-be-sent-somewhere. Are you suggesting that the programmers *accidentally* enabled command execution in a text box? Is that like when shoplifters *accidentally* drop things into their pockets in shops? :) "Sorry, Officer. These big pockets are a design flaw of the coat I'm wearing...and I'm clumsy"
Look at all the Linux users...
@Roger Garner: rm -r will not prompt by default if it wasn't compiled to do so.
@Jonathan Hammler: Does Android use sudo, or are you an Ubuntu user that thinks every distro works the same? Google suggests the bug listed runs everything as root anyway.
It's a good job that I don't suffer from the same bug, otherwise I'd kick the bucket anytime I typed DIE int..............*followed by the thud of face hitting keyboard*
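Several comments in this thread trace the bug to a shell left running with the console as its stdin (the quoted diagnosis names a /system/bin/sh process with /dev/console mapped to stdin). As an added example, not part of the original thread or of Android's code, this POSIX shell audit walks a /proc tree and reports shell processes whose fd 0 is a console device; the shell-name list, the device patterns and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report shells whose stdin (fd 0) is a console device.
# The shell-name list and device patterns are assumptions; tune per platform.
SHELL_NAMES="sh ash bash dash ksh mksh zsh"

is_shell() {
    for s in $SHELL_NAMES; do
        if [ "$1" = "$s" ]; then return 0; fi
    done
    return 1
}

is_console() {
    case "$1" in
        /dev/console|/dev/tty*) return 0 ;;   # pseudo-terminals (/dev/pts/N) excluded
        *) return 1 ;;
    esac
}

# find_console_shells [proc_root]: prints "pid comm stdin_target" per hit.
find_console_shells() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        is_shell "$comm" || continue
        target=$(readlink "$dir/fd/0" 2>/dev/null) || continue
        if is_console "$target"; then
            echo "${dir##*/} $comm $target"
        fi
    done
    return 0
}

# Constructed sample tree (not real data): pid 41 is a shell left on the
# console, 57 a shell on a pty, 63 a non-shell process on the console.
make_sample_proc() {
    root=$(mktemp -d)
    for spec in "41 sh /dev/console" "57 sh /dev/pts/0" "63 phoneui /dev/console"; do
        set -- $spec
        mkdir -p "$root/$1/fd"
        echo "$2" > "$root/$1/comm"
        ln -s "$3" "$root/$1/fd/0"
    done
    echo "$root"
}

sample=$(make_sample_proc)
find_console_shells "$sample"
rm -rf "$sample"
```

Run against the real /proc (as root, so other users' fd links are readable), an interactive login on /dev/tty1 will also be listed; the finding that matters is a shell on the console that nobody started.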