Earlier this month we reported that a backdoor had been discovered in the ZTE
Score M Android smartphone. It was brought to light through a post on Pastebin
and later confirmed by Justin Case of TeamAndIRC. Now ZTE has come clean and
admitted publicly the backdoor exists.
ZTE has stated that the backdoor takes the form of a hard-coded password that
is only present on the Score M distributed in the US. If you own and use another
ZTE handset, such as the Skate, you have nothing to worry about.
Cyber security company CrowdStrike also confirmed the backdoor is a
deliberate inclusion, as ZTE uses it to update its handsets. But why the company
chose this method and left the Score M with a major security hole has yet to be
determined. It could be malicious, but it could just as easily be developers
not thinking about the security implications of what they are doing.
The problem has got worse for Score M users since news of the backdoor went
public, because the hard-coded password is now easy to find with a quick
Internet search. Anyone in possession of it and with access to a Score M can
gain root access to the handset without needing user authentication.
ZTE is now working on a patch to remove the backdoor. The company said it
will be available to download and apply soon, but hasn’t given a specific date
as to when it will be available.