Root Which exploit does EasyRoot use?

As an aside, isn't it a bit frightening that an app could, for these devices, secretly root a phone and sit in the system doing whatever the hell it wants: downloading apps secretly, uploading information, etc.

All the user would ever see is something masking itself as a Bluetooth toggle widget, complete with all and only the appropriate permission for that type of app. Prudence or paranoia ain't gonna save you in that case, just no way of knowing unless you are at a console or already rooted (unless it checks for the "real" su app and hides if it finds it).

Honestly it's so fricken foolproof that if I was evil I'd be all about it.
 
Upvote 0
> As an aside, isn't it a bit frightening that an app could, for these devices, secretly root a phone and sit in the system doing whatever the hell it wants: downloading apps secretly, uploading information, etc.
>
> All the user would ever see is something masking itself as a Bluetooth toggle widget, complete with all and only the appropriate permission for that type of app. Prudence or paranoia ain't gonna save you in that case, just no way of knowing unless you are at a console or already rooted (unless it checks for the "real" su app and hides if it finds it).
>
> Honestly it's so fricken foolproof that if I was evil I'd be all about it.

I agree completely. I really hope they get this hole patched soon and start pushing out said patch to all phones. Although we all know how quickly OTAs come out
 
Upvote 0
> I agree completely. I really hope they get this hole patched soon and start pushing out said patch to all phones. Although we all know how quickly OTAs come out

Yeah, as much as I am all about "freeing the phone" I'm also all about having my identity/money/life left intact. These are gaping security holes that we are exploiting and then publishing the code for all over the internet.

Viva la open source, but let's just stick to the exploits that at least require human contact and a computer/adb, or at the very least propose a fix and offer it up for review to AOSP to source code commitment along with releasing to us to use.
 
Upvote 0
Thanks for link to source OMJ :)

Before I got as far to see that they include an "exploid" binary and the easyroot.apk includes the symbolic link to the hotplug device -- and they're triggering the hotplug in the kernel using a Bluetooth API. Brilliant IMHO.

So vincent, not an exploit of Bluetooth per se, but the hotplug feature in the Linux kernel; they're just activating it using Bluetooth.

To those that "wish these didn't happen": you wouldn't have your fancy "custom roms" today if it were not for these exploits, so really you should check yourself before you wreck yourself :p
 
Upvote 0
> Thanks for link to source OMJ :)
> To those that "wish these didn't happen": you wouldn't have your fancy "custom roms" today if it were not for these exploits, so really you should check yourself before you wreck yourself :p

True, but there are always new exploits we "legitimate" rooters can use. I just prefer the ones that aren't really susceptible to an app stealing me blind :p
 
Upvote 0
> To those that "wish these didn't happen": you wouldn't have your fancy "custom roms" today if it were not for these exploits, so really you should check yourself before you wreck yourself :p

I agree with that to an extent, but something like this that affects every Android device and can easily be done by an app is something to be concerned about.

That's actually part of the reason that I like the SPRecovery root method, because it's not something that can be done without the user's knowledge unless you give someone your phone.
 
Upvote 0
Yeah, it's a double-edged sword -- we probably wouldn't be able to unlock our devices to their full potential, but at the same time it could be used for very malicious purposes.

I think the fact they are in the public knowledge and widespread is better than only 1 person knowing about it, since the more public it is yes people could take advantage, but it also allows Google to fix the holes and perhaps rethink certain aspects of the OS overall which maybe could prevent these type of exploits in the future across perhaps other vulnerable areas.
 
Upvote 0