Before the EVO launched, Matt Mastracci and the crew at unrevoked announced that the EVO and Hero had a serious security vulnerability. In turn, this made the phones easy to root – but they still recommended that people hold off on buying the phone unless they were going to root it, or until an OTA update was released patching the flaws. It looks like the latest OTA did just that, as they’ve released details on their Wiki.


The crew at UR suspects that these vulnerabilities were for debugging, and were never removed before the phone went to manufacture. The first flaw is in a set of code called “Skyagent” (HTC/Sprint’s name), and is pants-pissingly scary. It allows for complete remote control of the phone without requiring any authentication or privileges, and without the user knowing. As if that weren’t bad enough, Skyagent also allows system memory to be overwritten in various ways. After explaining all this, they point out that they don’t think Skyagent could ever be invoked remotely (right after they say, and I quote, “allowing remote control of the device without the user’s knowledge or permission.”)


The second flaw doesn’t sound nearly as scary – possibly because I can’t understand what the hell it means:

The hstools executable is another setuid root binary; the intent does not appear malicious. Commands are passed in as command-line arguments. Some available commands take in an arbitrary string as an identifier. However, these identifiers are not sanitized before they are passed to the system function, and thus can be used to pass arbitrary input to the shell with root permissions.

What I’m taking from that is that some commands can be used in a certain way in order to get root. Compared to Skyagent, this one doesn’t seem so bad – but then again, that could just be because nobody came up with any malicious code to exploit it.
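To make the hstools description concrete, here is the class of bug in C: an identifier pasted into a string for system(), next to a hardened form that validates it and runs the helper without a shell. This is an added example, not code from hstools, HTC or unrevoked; the helper path, the function names and the identifier rules are all hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (for contrast only, never executed here): the
 * identifier becomes part of a shell command line, so /bin/sh interprets
 * any metacharacters in it with the setuid binary's privileges:
 *
 *     snprintf(cmd, sizeof cmd, "/system/bin/helper %s", id);  // hypothetical
 *     system(cmd);
 */

/* Allow-list check: 1..32 chars from [A-Za-z0-9_.-], not starting with '-'
 * (so the helper cannot mistake it for an option). */
int is_safe_identifier(const char *id)
{
    size_t n = id ? strlen(id) : 0;
    if (n == 0 || n > 32 || id[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)id[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened form: validate, then exec the helper directly with an argv
 * array. No shell is involved, so the identifier stays one argument.
 * Returns the helper's exit status, or -1 on rejection or failure. */
int run_helper(const char *helper_path, const char *id)
{
    if (!is_safe_identifier(id))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, (char *)id, NULL };
        char *const envp[] = { "PATH=/system/bin:/system/xbin", NULL };
        execve(helper_path, argv, envp);   /* fixed path, clean environment */
        _exit(127);                        /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A setuid program that does not need root for the helper itself should also drop privileges before the exec; that step is left out here to keep the example focused on the input handling.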

The good guys over at UR chose to keep the vulnerabilities to themselves, and only released details once the patch had fixed them. Lucky for us they use their powers for good, and not for evil. Thanks guys.

[Source: unrEVOked Wiki]