ZTE scrambles to get at root of phone flaw

May 18, 2012 by Nancy Owano report
The ZTE Score M

(Phys.org) -- Rattling phone security news surfaced this week for those owning ZTE Score M phones after an anonymous post to Pastebin.com reported a backdoor hole where others can gain control over a user’s device. The hole allows anyone with hardwired password to access the affected phone. ZTE has reacted in the affirmative, acknowledging the vulnerability in the Score phone and saying they’re working on a security patch, which it will issue soon. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices."

As the world’s number-four handset vendor, ZTE Corp. and another Chinese equipment maker Huawei Technologies have been subjects of a controversy over whether their expanded presence in a U.S. market poses security risks from feared backdoors. Recently, a U.S. congressional panel singled out Huawei and ZTE in approving a measure designed to search and clear the U.S. nuclear-weapons complex of any technology produced by the two companies.

ZTE issued ZTE Score M as an affordable Android phone, the ZTE Score M. with a 3.5-inch HVGA touchscreen, 600MHz CPU,3.2-megapixel camera, Wi-Fi, and microSD slot. Unfortunately, news surfaced that it also had the unwelcome feature of a root backdoor. The setuid-root binary, a program that runs with root privileges in /system/bin/sync_agent, provides the backdoor. Anyone who knows the hard-coded password gets root access to the phone.

ZTE could have used the backdoor as a way for ZTE to update the phone’s software. Security experts say it is not clear whether ZTE is a victim of sloppy programming or whether this had worse intent.

Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike and former Vice President of Threat Research at McAfee, noted that it is rare to find a vulnerability apparently inserted by the hardware manufacturer.

There are conflicting reports over whether the hole affects other ZTE phones. ZTE confirmed the vulnerability on its Score but has denied that it affected other models as well. Nevertheless, some reports said ZTE Skate phones, sold by Orange in the UK, has the same backdoor. According to reports, security researchers are working to see if other ZTE devices suffer from the same vulnerability.

In Australia, , with offices in Sydney and Melbourne, supplies some Telstra phones. They are typically rebranded as T- and F-series mobile phones. Telstra, according to reports, knew about the backdoor news and was testing its devices, but preliminary tests looking for backdoor flaws suggested its handsets were not affected.

Explore further: Google's Waze app endangers police: LAPD chief

Related Stories

China's ZTE rejects Huawei patent charges

Apr 29, 2011

Chinese telecom equipment maker ZTE has rejected charges by its bigger rival Huawei Technologies, which is suing ZTE in three European countries for alleged patent and trademark infringements. ...

China's Huawei sues ZTE for patent infringement

Apr 28, 2011

China telecoms giant Huawei said Thursday it is suing hometown rival ZTE in Europe for alleged patent and trademark infringements, as the Chinese firms battle for overseas market share.

China's ZTE sues Swedish rival Ericsson

Apr 12, 2011

Chinese telecom equipment supplier ZTE said Tuesday it was suing a unit of Swedish mobile network giant Ericsson for patent infringement, escalating a legal dispute between the two rivals.

Ericsson and ZTE bury patent hatchets

Jan 20, 2012

Swedish mobile network giant Ericsson and Chinese rival ZTE have settled their patent infringement disputes, Ericsson said in a statement on Friday.

Sprint axes China's Huawei, ZTE on security grounds: WSJ

Nov 06, 2010

Sprint Nextel is excluding China's Huawei Technologies and ZTE Corp. from a multi-billion dollar contract to upgrade its cellular network largely because of national security concerns in Washington, The Wall ...

Recommended for you

Google's Waze app endangers police: LAPD chief

4 hours ago

Google's newly acquired Waze application poses a danger to police because of its ability to track their locations, the Los Angeles police chief said in a letter to the tech company's CEO.

Catch the northern lights with your mobile

Jan 26, 2015

Updates on the best opportunities to spot the Northern Lights in the UK are now available on a mobile phone app developed in association with scientists at Lancaster University.

App improves the safety of blind pedestrians in cities

Jan 22, 2015

Siemens is developing a system that helps blind and visually impaired people walk safely through cities. In cooperation with the Technical University of Braunschweig and several partners, Siemens is working ...

Nadella: Microsoft aspires to get consumers 'loving Windows'

Jan 22, 2015

Microsoft upped its bid to capture the hearts and minds of technology consumers Wednesday with Windows 10, announcing everything from free upgrades for the majority of Windows users to support for nascent holographic dis ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

mosahlah
2 / 5 (4) May 19, 2012
What else do you expect from our friends in China?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.