It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges.
This isn’t after the phone was attacked or modified, this is apparently a bug in a shipping version of the Android OS. Google has already issued a fix, but, still, this is bizarre.
★ Saturday, 8 November 2008