UPDATE: Sprint’s OTA release last night fixes the serious vulnerability we reported to them. Kudos to them for moving so quickly. As an end-user, you’ll have to decide between being more secure with the OTA update or having root access to the device you own for now.
In the comments, Sean Doherty says:
We want to reassure everybody about some questions that have been raised about HTC EVO 4G.
We have a software update being deployed that corrects an issue with some MicroSD cards and also deploys a patch that will fix a potential security vulnerability. Users can install this update by going to Settings > System Updates > HTC Software Update on their EVO and following the instructions as prompted.
Sprint moved swiftly to make sure this was addressed.
Sean Doherty
Sprint Corporate Communications
@srdoherty
As you might know, I’ve been poking around in the guts of the HTC EVO with some other developers during the last few weeks of early EVO ownership looking to get access to root. It turned out to be fairly easy – a few hours into the investigation and we had access to root.
It turns out that this is a really, really bad thing for users. The Sprint customizations of Android are so bad that an Android application could get access to all of your data with very little work. It’s so bad that I would not recommend purchasing the Sprint EVO or Hero.
You are putting your data at risk of theft from not just one vulnerability (the one we’re releasing tomorrow), but a whole suite of vulnerabilities!
The hardest part of this is that we’re now in competition with Sprint trying to keep root access to the phone, so the idea of “responsible disclosure” works against what you’re trying to do. If end-users had full access to the phone, we’d be sending these vulnerabilities straight to Sprint. Since Sprint has decided to take the anti-user approach and lock down the phone, we’re basically holding all of these exploits close to our chest.
It hurts me to say this, but to help users take control of hardware they own, we have to expose them to security holes.
To handset manufacturers and carriers: if you give users to freedom to customize their devices, we’ll work with you directly to make sure those same users aren’t vulnerable out-of-the-box. Be more like Google and less like Apple and you’ll get an army of white-hats working to improve your product.
To end-users: choose phones that don’t make you jump through hoops to take control like the Nexus One. You bought it, it should be yours to hack and customize.
We’ll be releasing the unrevoked exploit tomorrow, but holding the details for a week or so. It’s such a blatant and dangerous hole that we felt that responsible disclosure was our only choice.
For the record, both Google and Sprint have been very proactive in plugging this hole. It would, however, be a lot easier for all parties involved if these devices weren’t locked down and we were all working to improve the user’s experience instead of building better mice and mousetraps.
Please Dont Release that exploits Informations
We want NexusOne type Unlocked Bootloader but Sprint Verizon and HTC is more like Apple now a days
@Google Where is your Open Soul?
They tried to sell something open, but people didn’t want it. It was called the nexus one. they complained that the carriers didn’t want it, and that it wasn’t available in stores and supported. But that’s what the carriers do, and your phone’s soul is the price. It’s the people who didn’t buy a nexus one’s fault.
Matt,
What you are saying is VERY scary. I am just savvy enough with hacking phones to be able to follow instructions and do the necessary tweaks (like unlocking my HTC Touch Pro2 to run a cooked ROM of Windows Mobile), but that’s about the limit of my understanding of the innards of the device.
Question for you: will I still have that same vulnerability if/when I root the EVO and install Froyo? Or is this issue strictly related to the current 2.1 build that is on the EVO?
Nervously awaiting more details…
Matt
I’ve heard (unconfirmed!) that the current Froyo zip for EVO *may* have a suid sh rather than using the superuser application. You’ll have to tweak the image to swap in the safe version of su. At that point, you’ll be *way* more secure than the stock EVO.
The one-click root we’re releasing will make you somewhat safer (and install a safe version of su).
Hello,
I had the one-click root working but then my friend used my phone
and updated it using HTC update. I tried to use the root again but it fails.
Is there an update to the one-click root? How can I get root again after the
HTC update that was done to my phone?
Please HELP
Will your one-click root require a wipe/factory reset?
Nope. It (currently) runs once per reboot. No need to wipe.
So ‘unrevoked’ will root the device but everything (including Sense) stays on the phone?
This will be my first Android phone. I’m savvy enough to figure things out, but I’m pretty naive at this point. Haven’t had my grubby paws on a device to learn with yet.
Correct. You get su, that’s all for now. You can use that su to tweak other things like hiding sprint apps/etc.
Will unrevoked have the problems that other exploits have? I mean, will it disable 4G or not allow the use of protected apps?
The root changes as little as possible. I didn’t run into any problems with any of the installed software.
i noticed that you didnt say anything about the samsung moment when you recommended not buying the evo or the hero. does that mean it could be an htc/sense issue? i ask because i have an htc incredible with verizon and this has me very weary. thank you for your time and effort!
Will your exploit allow to write to system from Android?
Not yet. You can bind mount parts of system to change them, however, but it won’t stick between reboots.
Thanks, if you can please post instructions on how once can write to system.
Matt, really glad you guys are pointing out the security flaws to sprint/google. Even more glad you are helping us root
Can’t wait -keep hitting ‘refresh’ ‘refresh’ on the teaser site hoping the details pop up. Will you have any kind of mailing list to update your fans, err, evo users on the progress of writing to the system as well as other improvements, etc.? Thanks for everything!!!
**EDIT** …just noticed it is 10:32 your time -darn! (12:32am here!)
Twitter is the best place for updates: http://twitter.com/unrevoked
The current “evorecovery” found at XDA will be compatible with this one step root correct?
What’s up with the tweets from the iPhone? I thought you guys were for open platforms? When’s the iPhone hack coming?
Tweetie for Mac shows up as Twitter for iPhone on Twitter now. Weird. I was wondering why everyone was telling me that (since I use Echofon on my iPhone).
So looks like they already patched your “exploit”. Seems to me like sprint was AHEAD of the game. They have it patched before the phone was released to the public, that’s all that matters.
This exploit has been in the wild on the HTC Hero for a while now. They pushed the same OTA to Hero last night to fix it. All of this happened after we reported it.
We want to reassure everybody about some questions that have been raised about HTC EVO 4G.
We have a software update being deployed that corrects an issue with some MicroSD cards and also deploys a patch that will fix a potential security vulnerability. Users can install this update by going to Settings > System Updates > HTC Software Update on their EVO and following the instructions as prompted.
Sprint moved swiftly to make sure this was addressed.
Sean Doherty
Sprint Corporate Communications
@srdoherty
Can someone tell me if data can be recovered from a i-phone sim card? pics, texts ect
What build # is the original (rootable) build and what build # is the OTA update? Thanks!
will this work to partition the SD card so that I may install more apps directly to the SD card?
So, just bought my EVO. Anybody out there who has install the root having ANY problems at all? What is the whole “goldcard” business about? Should I make a “goldcard” first as suggested by a website? Can i just do the “unrevoked” download without doing anything else? Why are there sooooo many sites out there giving instructions on who to do this? Which is the MOST reliable and easy to follow link?
This is my first droid. When Froyo comes out as a release to the public (without all this hacking) would it be exactly the same as what “unrevoked” is trying to accomplish? Would I be able to install the published Froyo on my phone even with this current hack?
Eat my nuts!! no dont do that, i think you”ll need some crackers first preferably ritz bam!!!! no need for easy cheese anymore. luv ya all bitches!!!!!!!!!!!!!!!!!!!!!!!! and by the way the evo htc is a piece of shit!!!!!!!!!!!!!!!!(no crackers required) sucka ass bitches niger rap fools!
ok I bought the HTC EVO today. so what is my next step.
1. is there a 2.2 system update?
2. how do I secure my phone?
They’ve published the method that powered the original unrevoked: A trojan horse shipped in the Sprint software that allowed full root-level control of the phone.
http://www.unrevoked.com/rootwiki/doku.php/android_security
Hey! archos tablet is simply wonderfull!! i purchased one a couple of days ago and luv every moment..
Hey! this new HTC 4G looks nice!!! i’m really wanting to get this mobile, i think Android is much better than the iOS IMO so i think thats the telly for moi
Only things of issue are 1.) alarm clock got no pop up to dismiss or snooze the first time I used it. It’s been great since then but wow- that was interesting. Had to turn it off to stop the song! 2.) One day, all my imported (at Sprint store) contacts disappeared. Only the ones I had hand loaded directly remained. I lost ~ 113 names, numbers that I have no plan how to get back. They are not in my gmail or anything..
Hi Guys>> jus wanna know can u root an evo 4g with a firmwire of 1.1473 etc… and if so,with what? trying 2 get all apps if poss..