03
May
gingerbreak

Well, that was fast. It hasn't been very long since the vold exploit was found that allowed root access to Gingerbread and Honeycomb systems, but Google has already patched it and moved the fix into the AOSP code (see these commits: [1], [2], [3], [4]). This means that once this update is pushed, we will need to find another route to achieve root access on devices running Gingerbread and Honeycomb.

Don't let this stop you from buying a new device right now, though, because it's far from certain when this fix will actually end up hitting devices. And while there may not be another known method around yet, we're sure some enterprising hackers somewhere are already hard at work.

Sources: Twitter [1], [2]; AOSP [1], [2], [3], [4]

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • Gerg

    The main issue is that we shouldn't have to rely on root exploits at the app level to get root. These things should hopefully be done since we have physical access to the phone itself and can apply "patches" in the sd card, etc.

  • grocon

    "Don’t let this stop you from buying a new device right now, though, because it’s far from certain when this fix will actually end up hitting devices. "

    can't understand how is that a good news ??
    it means all froyo/gingerbread/honeycomb have a huge security hole which anybody can exploit. many of them will never be patched because google/manufacturers/operators don't care...

    • Josh H

      Then buy an iPhone. They are made for people like you.

      • grocon

        sorry... can't find the relation between my comment and your answer...

        • Josh H

          Being able to Root is one of the best things about android. It opens a whole world of apps, roms, etc. If you cant see that then your better off getting an iphone.

        • grocon

          in fact, I am better getting neither of those.
          sorry that you can't see the issue with millions of phones subject to such security issues...

        • Darius_bd

          .
          @Grocon:

          The security for non gaining root access is just for the owner, like they handled you a plastic knife because they think you can cut yourself and sue them, while most of us need a swiss knife because we know how to take our phones to the next level.

          As such, is a responsibility to gain root access and is good that ppl like you keep thinking it is there because of "security issues". Plastic knife for you.

          As for the rest of your post, you're just spreading FUD.

        • grocon

          NO ! It's not only for the user of the phone.
          ask yourself what an application that would include the same exploit the gingerbreak apk uses would do to your phone ?
          Don't forget the gingerbreak apk "simply" gets root using a security issue and then modifies files on your phone that it should not have access to keep an easy access to the root rights after reboot.
          I maintain : having those security issues on millions of phones is bad !

          if you don't believe me, go ask on xda forums...

      • Jason

        Then what exactly is jailbreaking for the iphone then? It gives you access to the file system and you can then do anything you want with it. How is this any different than root? Hell, you could jailbreak the iphone by going to a website. That has happened at least twice. How is that any more secure?

        • grocon

          I really can't understand why are you so defensive...
          you can continue using an android phone if you want. nevertheless, google/manufacturers/operators not updating phones is a very bad thing.
          to answer your remark, apple doesn't update the iphone 2G and 3G anymore and this is bad. but I am not sure there is such security issues which are not patched now.

    • Coldman

      It's both good and bad. It's good because it's a workaround to get root when you want it. It's bad because it can be exploited to get root when you don't.

      • Josh H

        Forgive me if im wrong but its my understanding that a root exploit only gives the user superuser capabilities which still require the user to allow/deny any action. So then how can it be exploited without the user allowing it?

        • grocon

          most (if not all ?) phones on the market have at least one security issue which can be exploited by a simple application.
          we have already seen exploits of those issues by applications on the android market.

          looks like google is the new microsoft !

        • Themongolempire

          I'm not entirely sure on this, but I think that malicious code could bypass the screen that asks the user to to grant superuser permissions.

          Also, if there is malware hidden inside of a seemingly innocuous program, the user will just go ahead and grant the privileges when the app asks for them. This would allow the malware to run rampant as it pleases.

          If only there was some way of giving root access to the user while keeping it away from attackers.

  • Gerg

    It's bad for 95%+ of Android users, as it could be used in a malicious manner. Don't get me wrong, I flash a custom ROM day 1 on every phone I get, but this is simply bad news otherwise.

  • Josh H

    I think thats due to the Android market being open and has nothing to do with root exploits.

  • http://none andrewjt19

    The reason rooting is good and necessary is that it is based upon the principle of open-source. That's why it is okay to root and not illegal. It's blocked for people who are too stupid to handle system access and would screw up the phone. Carriers couldn't warranty what they don't know. On the other hand jailbreaking is illegal- it's totally proprietary.

    • Joe C

      @Andrewjt19: wrong.. jailbreaking is VERY legal as of a good few years ago. It just viods warranty
      @all: now.. if your so worried about security issues go buy an iPhone (what are hackers gonna steal, your mp3 of Sexy and i Know it and an mp3 of On a Boat you ripped off youtube?) Were not talking about microsoft products here. Although apple isnt always right for the job, or the cheapest machine for the parts, one thing holds true for apple: the products just work. Simple as that. Android COULD be the same way. But they choose open source, so its not going to be perfect. If you want a lazy phone with a working OS but mediocre-looking ROM, then get iPhone. Itll always work. You want an OS where you take a risk the phone manufacturer screwed up your ROM? Go android. I love my phone, hate the ROM (D2 moto blur). Cant root either to change it (have a mac <3). If it wasnt SO very hard to do, Co. Like verizon should give access to changing ROMs certified by them that they load for you (if you choose to not hack). But that will never happen, so we dedicated Android lovers hack to fix the problems idiots at Motorola (and others) give us, and to get the most out of our phones

Quantcast