Backdoor found in ZTE Android phones


Two mobile phones developed by Chinese telecommunications device manufacturer ZTE have been found to carry a hidden backdoor, which can be used to instantly gain root access with a password that has been hard-coded into the software.

Android devices typically ship with the user unable to run commands as the "root user", in order to protect customers from any inadvertent damage they could cause, and to reduce the chance of rogue applications taking complete control of the device. However, following an anonymous post to Pastebin, security researchers have found that ZTE has installed an application on the Score M and the Skate mobile phones, which makes rooting these phones simple.

The post said:

There is a setuid-root [set user ID upon execution] application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell.

The phone is available in the US and the UK, amongst other markets. While no telco in Australia appears to be selling the Score M or Skate mobile phones outright, it is still possible to purchase it online or through smaller firms. ZTE has offices in Sydney and Melbourne, and is a supplier of a large number of Telstra mobile phones, typically rebranded as Telstra's own T- and F-series mobile phones. Telstra is aware of the issue, and is in the process of testing its devices, to determine if the backdoor exists on them.

"Our preliminary tests suggest that handsets supplied to Telstra are unaffected by this issue. That said, we take device security very seriously, and we are conducting more extensive testing to confirm our initial findings. Should we discover any issues, we will contact customers directly," Telstra said in a statement.

ZTE is also the company behind the Optus-branded MyTab tablet, which runs Android.

ZDNet Australia contacted Optus to comment on whether its devices may be affected, but did not receive a response at the time of writing.

Although Vodafone sells ZTE-branded USB modems, it does not sell any Android devices from ZTE in Australia.

Former McAfee threat research vice president Dmitri Alperovitch is a security researcher who has independently verified the original claim, posting the password to the hidden application on Twitter.

There are also a number of reports from users on Reddit, some of whom said that there does not appear to be any way of remotely accessing the backdoor. However, other users have pointed out that if the hacker wrote another application to access the backdoor, it would be a trivial matter to first root the device and then take complete control.
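
A setuid-root file like the one the Pastebin post describes can be spotted by listing setuid files in an unpacked system image and comparing them with an expected baseline. The script below is an added example, not code from the article or the Pastebin post; the sample tree, the baseline entry `system/bin/run-as` and the function names are constructed assumptions.

```python
import os
import stat
import tempfile


def audit_setuid(image_root, baseline=(), owner_uid=0):
    """Return sorted (relative path, mode string) pairs for setuid regular
    files under image_root that are not in the expected baseline.
    owner_uid=None reports setuid files regardless of owner."""
    allowed = {os.path.normpath(p) for p in baseline}
    findings = []
    for dirpath, _dirs, files in os.walk(image_root):  # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink to another file
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            rel = os.path.normpath(os.path.relpath(path, image_root))
            if rel not in allowed:
                findings.append((rel, stat.filemode(st.st_mode)))
    return sorted(findings)


def build_sample_image(root):
    """Constructed sample tree standing in for an unpacked /system partition."""
    bindir = os.path.join(root, "system", "bin")
    os.makedirs(bindir)
    samples = (("sync_agent", 0o4755),  # setuid file at the path named in the post
               ("run-as", 0o4750),      # assumed legitimate baseline entry
               ("ls", 0o755))           # ordinary binary, no setuid bit
    for name, mode in samples:
        path = os.path.join(bindir, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        # The sample files belong to the current user, so match on that uid here;
        # on an image unpacked with ownership preserved, keep the default of 0.
        for rel, mode in audit_setuid(tmp, ["system/bin/run-as"], os.getuid()):
            print(f"unexpected setuid file: {mode} {rel}")
```

Anything the audit reports that is not in the vendor's documented baseline deserves a closer look before the image ships or the device is deployed.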

Topics: Android, Google, Security, China

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.


Talkback

2 comments
  • Yes well we are all suitably outraged at this plot. Wait how many "back doors" have been found in equipment manufactured elsewhere. An often quoted comment goes something like "if the choice exists between a secret agenda or stuff up?, choose stuff up"!
    Knowledge Expert
  • In light of this information, I think the smartest thing to do would be to let Huawei build our critical NBN Internet infrastructure. I have firm assurances from Huawei lapdog Mr Alexander Downer that it is completely safe to do so and we should not make the Chinese mad, or else they will buy Sydney Opera House.
    IsJosKan1