DroidForums.net is the original Verizon Android Forum! Registered Users do not see these ads. Please Register - It's Free!
Results 1 to 1 of 1

Thread: Backdoor Found In HTC EVO & Sprint Hero, Exploited To Gain Root Access

  1. Super Mod/News Team
    Shadez's Avatar
    Member #
    32075
    Join Date
    Jan 2010
    Location
    Lafayette Hill, Pa
    Posts
    8,223
    Liked
    594 times
    Twitter
    @Shadez69
    Phone
    Droid,Droid Bionic/Galaxy SIII
    Premium Member
    #1

    Backdoor Found In HTC EVO & Sprint Hero, Exploited To Gain Root Access



    13 Jul, 2010 written by Jeremiah Bostick / androidguys.com0




    The development team calling themselves unrevoked discovered an executable binary called skyagent in the HTC EVO and the Sprint Hero. A second executable binary called hstools was also found in the HTC EVO. In addition to other capabilities, both binaries allowed access to the root of the phones’ file sytsems.


    File this in the “this isn’t exactly new but now we know how it all went down” category. The skyagent binary could be used as a backdoor into each phone “allowing control of the device without the user’s knowledge or permission.” Skyagent was executable by any user without requiring elevated permissions. Once skyagent was invoked it would listen for commands over a TCP port on “all interfaces, including the 3G network.” The commands that unrevoked discovered are:

    • sending and monitor user tap and drag input (“PentapHook”),
    • sending key events (“InputCapture”),
    • dumping the framebuffer (“captureScreen”),
    • listing processes (“GetProc”),
    • rebooting the device immediately,
    • and executing arbitrary shell commands as root (“LaunchChild”)

    It was skyagent that unrevoked used for their 1-click root method that can be found at unrevoked.com


    Likewise, hstools was another executable binary that could be used to pass command input to the phone with root permission. Hstools was exploited by unrevoked after skyagent was removed by the EVO launch-day OTA update.


    Unrevoked makes a point to mention that they do not believe that either HTC or Sprint had any malicious intent with regards to these two vulnerabilities. It is believed that skyagent was a debugging binary that was never removed from the phone before official release. Unrevoked goes on to praise Google, HTC, and Sprint for their efforts in patching the vulnerabilities and provides a timeline of events:

    • 31 May 2010 23:53:08 EDT: Google security notified about skyagent
    • 01 Jun 2010 03:53:30 UTC: Automated Google response
    • 01 Jun 2010 16:45:46 UTC: Response from Google Security Team
    • 02 Jun 2010 23:18:31 EDT: Sprint security contacted about skyagent
    • 03 Jun 2010 01:18:58 CDT: Sprint response
    • 04 Jun 2010: Sprint OTA update removingskyagent binary.
    • 30 Jun 2010: Sprint OTA update patchinghstools vulnerability.

    androidguys.com
  2.  
     
     
     

Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Tunesremote - Unable to access playlists - HTC Hero
    By papplesmith in forum Android Applications
    Replies: 0
    Last Post: 06-08-2010, 05:11 PM
  2. New HTC Hero (sprint)
    By Potsy in forum New Member Introductions & Site Assistance
    Replies: 2
    Last Post: 04-17-2010, 02:15 AM
  3. Backdoor to APP manager?
    By sboman_32 in forum Android Applications
    Replies: 4
    Last Post: 03-15-2010, 02:24 PM
  4. Replies: 0
    Last Post: 02-10-2010, 01:43 AM
  5. cp not found on Root Droid
    By kzmania in forum Android Tech Support
    Replies: 1
    Last Post: 01-13-2010, 01:29 AM

Search tags for this page

access htc evo remotely
,
cp command not found on sprint hero
,
how to gain backdoor access to a smart phone
,
how to remotely access htc evo
,
htc evo as remote control
,
htc evo remote access
,
htc evo remote control
,
htc hero cp command not found
,
remote access htc evo
,
remote access to htc hero
,
remotely access htc evo
,
remotely access sprint htc
,

remotely control htc evo

,
root evo remotley
,
sprint back door access
Click on a term to search our site for related topics.
Find us on Google+