Suffire.com | Geek Stuffs, Technology Related

Filed under: Gaming

The phones at Engadget HQ have been ringing off the hook with reports that the incredible Sam’s Club Black Friday Wii deal spied the other day was, in fact, not all that it seemed. Apparently, due to a Photoshop disaster or related incident, someone swapped out the actual deal price ($425) for an amazingly low $224. We’d say this was a closed case, save for the fact that the page carrying the updated “correct” information is now down, and all we have left is a paltry Google cache link. If anyone out there in magical, mystical Internetville knows more, feel free to drop us a line.

[Thanks to everyone who sent this in]

Sam’s Club Black Friday Wii deal too good to be true? originally appeared on Engadget on Sat, 15 Nov 2008 17:41:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Warning: This is not a joke. If you are one of the lucky few with the Android G1 Googlephone, try typing the word “reboot”.

Sorry. I take it you managed to find your way back here after your phone restarted. This incredible “feature” is not any kind of malware you might have picked up, but a real life bug in the actual shipping version of the Android OS. Anything you type on the keyboard, in any application, is simultaneously sent to a command line shell and executed as the root user.

A rough translation: Imagine you are running a terminal in Linux, the geeky text window into which you type commands for the computer to execute. Imagine, also, that the account in which you are working is that of the super user, or root, a user with permission to do anything it wants, including a simple five character command which will erase the entire contents of the phone, operating system and all.

That is exactly what is happening with the Android OS up to build number RC29 (the version which is hurriedly being pushed over the air as an update to G1 users. We thought that the hackers had scored when we reported that root terminal success had been achieved on the Googlephone, but now the process of downloading the terminal application, PTerminal, seems a little clunky. In fact, you should be able to turn on telnet, the process which enables you to remotely browse to your device over the network, simply by typing telnetd (although you’ll need some jiggery pokery to make sure you’re first in the correct directory).

Here’s what ZDNet’s Ed Burnette has to say:

Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!

And from user jdhorvat, who posted this on the Google Code bug report thread:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” – which, to my surprise, rebooted my phone.

Incredible, and quite ridiculously dangerous. No wonder AT&T CEO Ralph De La Vega said that “The platform is still evolving”. The update should be with you soon. In the meantime, you can temporarily disable the background shell, using Burnette’s instructions.

Open the keyboard and type these 5 keystrokes: <return>-c-a-t-<return>. That will cause the phantom shell to not listen to commands any more, at least until the next reboot.

If that’s too much for you, just be careful what you type.

Worst. Bug. Ever. [ZDNet]
Android appears to be watching text streams and acting upon them [Google Code]

(Photo by Jon Snyder for Wired.com)