The sprint rep COULD see what I dl'd/unrevoked team discloses original root method

[meccadon123]

My guess is A. they don't have anything new to disclose at this point as far as new 1 click root methods.
B. Am I reading this right? They made google and sprint aware of the vulnerability hence HTC/sprint patching the loophole with the recent ota?

So if they didn't say anything, HTC/Sprint would NOT have included a loophole closure for their "root" method in the OTA and there would have been no need for additional "unrevoked root methods"? Sooo why say anything at all?

Anyway, here's the disclosure...for what it's worth.

On edit: So that sprint rep Could see I Downloaded ATK after all. Actually the question of whether he DID or DIDN'T is no longer important. The question of "could he if he wanted to" has been answered.

"However, the security vulnerabilities present in skyagent are of less cause for concern than the purpose of the program. It appears that the binary was designed as a backdoor into the phone, allowing remote control of the device without the user's knowledge or permission. When the program is invoked, it listens for connections over TCP (by default, port 12345, on all interfaces, including the 3G network!) that accepts a fixed set of commands".

http://unrevoked.com/rootwiki/doku.p...ed1_disclosure

[ChronoT52]

If you read the document, the SkyAgent binary actually was worth tipping off Sprint and HTC. While proven unlikely, having a program that could potentially gain access to everything on your phone, including the current display on the screen, would be a stark violation of our privacy and cause for a bit of concern.

Interesting read though- thanks for the link!

[meccadon123]

Yea I caught that, which is why I POORLY tried to word my question 2 fold.

If the unrevoked team didn't say "hey HTC/Sprint WTH is this there for"? Would they have left it?

This goes back to my thread "Sprint rep knew I DL'd ATK".