November 08, 2008

G1 Jailbreak Fix Released (and Blocked), Plus Hacking Philosophy 101

Greetings. Google has released the promised fix (release RC30) to close the root access jailbreak in the Android G1. However, it seems likely that, at least for G1s already in the field, it's too late to lock down this particular access exploit completely.

Newly distributed G1s will no doubt be upgraded to RC30 before shipping, but for existing units already in people's hands, a variety of techniques are being widely discussed for blocking or altering this OTA (Over The Air) update. Modified system flash images are already being distributed that provide the desirable features of the new update while preventing the closure of root capabilities.

I've been doing Unix (and then Linux) system development since the days of Version 6 Unix (more than three decades ago) and they're by far my favorite OS environments. But there's an old axiom from way back about Unix (and by extension Linux) that still holds true today much of the time: "Once root, always root!" That is, if you ever get access to unrestricted root "superuser" capabilities, it can be very difficult for anyone to take them away from you later, if you know what you're doing.

Of course, for persons who receive phones preloaded with RC30 or later revisions, or who allow their G1s to upgrade to those levels, the current root door will be closed. But for anyone in the know with a pre-RC30 G1 right now, recalling their superuser capes will likely be difficult, especially since the G1's underlying Linux system is such a known quantity, and Android is Open Source (a design decision I certainly applaud).

But there do exist techniques that could make future G1 root exploits much more difficult, or make the lives of users who have deployed the current exploit on their own phones fairly miserable.

It will be up to Google to decide how hard they wish to push back against these developments, and in particular how serious a problem they consider the current population of root-capable G1 phones to be.

A useful example might be gleaned from the TiVo experience (another Linux-based consumer product). TiVos have been heavily hacked in all sorts of ways, ranging from modifications to add larger or multiple disk drives, to other more controversial unsanctioned alterations. And while TiVo has taken technical steps to make some of these modifications much less trivial to deploy than on its earlier platforms, it has not been "going after" the folks developing these exploits in a heavy-handed manner.

In fact, there is often a very visible bright line in the hacker community when it comes to these sorts of devices, between those who want to explore and access the hardware/OS to their hearts' content, vs. those who want to defraud (e.g., obtain related services for free).

My observation is that the former groups usually far outnumber the fraud-oriented latter ones.

A challenge for Google -- or any other organization in a similar situation -- is to balance their response to exploits in such a manner that they don't unintentionally drive significant numbers of persons from the more benign "exploration" category into the darker ("hell, we'll show 'em!") fraud category.

As usual, no simple answers, and no easy solutions.


Blog Update (January 1, 2009): Root Access Jailbreak for Google Android G1 RC30 -- Plus More Bonus Philosophy

Posted by Lauren at November 8, 2008 08:01 AM