Researchers find backdoor on ZTE Android phones

Researchers find backdoor on ZTE Android phones

Summary: Security researchers have reported a hidden backdoor in the ZTE Score M and Skate Android phones, which could give a hacker root access

SHARE:
TOPICS: Security
0

Two mobile phones developed by Chinese device manufacturer ZTE have been found to carry a hidden backdoor, which can be used to instantly gain root access via a password that has been hard-coded into the software.

Android devices typically ship with the user unable to run commands as the 'root user', in order to protect customers from any inadvertent damage they could cause, and to reduce the chance of rogue applications taking complete control of the device. However, following an anonymous post to Pastebin on Thursday, security researcher Dmitri Alperovitch confirmed on Monday that ZTE has installed an application on the Score M and the Skate mobile phones that makes rooting these phones simple.

The post on Pastebin said: "There is a setuid-root [set user ID upon execution] application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell."

The ZTE Skate is known as the Orange Monte Carlo in the UK.

For more on this ZDNet UK-selected story, see Backdoor found in ZTE Android phones on ZDNet Australia.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion