Some Google (NASDAQ:GOOG) engineers probably feel foolish this morning. White-hat hackers have discovered that they can boot their own kernel on a Chromecast. The problem is that Google checks the new kernel's cryptographic signature, but if the check fails, it goes ahead and boots it anyway!
The researchers also point out that the "Chrome" branding seems odd, given that the shipping kernel is basically Android's. Some commentators ask if this signposts the death of Android.
In IT Blogwatch, bloggers point and laugh. And wonder.
Your humble blogwatcher curated these bloggy bits for your entertainment.
CJ Heres spills the beans:
As soon as the source code hit we began our audit. ... [We] concluded that it’s more Android than ChromeOS...its origins: the bootloader, kernel, init scripts, binaries, are all from the Google TV.
Lucky for us, Google was kind enough to GPL the bootloader. ... So we can identify the exact flaw that allows us to boot the unsigned kernel. ... USB boot mode looks for a signed image [which] is passed to the internal crypto hardware to be verified, but...the return code is never checked! MORE
Sean Riley answers FAQ #1:
Before you get your hopes up you won’t be installing your favorite Android apps on it anytime soon. ... Chromecast could potentially be turned into a tiny Google TV.
[But] I’m never one to get between people and their tech tinkering. MORE
Daniel Eran Dilger wonders why Google would tell people it runs on ChromeOS:
Google described its new Chromecast...as running a slimmed down version of ChromeOS, but [Heres] discovered it's really [Android]. ... Google's Chrome-related branding for the new device makes sense, now that Android is under the direction of Pichai rather than Rubin. But it also signals the beginning of something much larger.
[It] explains why Google put [Andy] Rubin's prototype Android TV product on ice. ... Prior to leading Android at Google and co-founding Android, Inc. before that, Rubin had co-founded its predecessor Danger. ... Prior to Danger, Rubin had worked at WebTV. ... And before that, Rubin [worked] at Apple...where he worked on on technology that Apple now asserts was illegitimately appropriated for use in Google's Android. ... [HTC signed] a ten-year patent licensing agreement with Apple last November over its use of Android. Apple now appears to be making more money [from] HTC's Android smartphones than HTC does. ... Google's own plan to monetize or at least defensively leverage Motorola patents has collapsed over the past year.
It would certainly be helpful if Google had a mobile platform that wasn't tainted by the intellectual property claims. ... While Chrome OS isn't quite ready to serve as a drop in replacement...there's several hints pointing toward Google moving in that direction. ...the company's IO developer convention...scheduled more sessions on Chrome than Android every day of the event. ... [And Google] appointed the head of Chrome OS to replace the head of Android. ...the writing on the wall appears very clear: Android's days appear to be numbered. MORE
With an anlternative analysis, here's Jake Hamby:
It makes sense that they would go with an Android kernel...because the Android fork is probably going to be really well tested by the SoC vendor.
The good news is that if people want to hack the Android userland on top of the Chromecast kernel, then all the pieces would already be there. :) MORE
Aigars Mahinovs thinks outside the box:
Now what I am waiting for is for someone to dump the flash and re-create a bootable image...that could be used on a Raspberry Pi to do the Chromecast functionality.
Now THAT would be awesome. MORE