ZTE scrambles to get at root of phone flaw

May 18, 2012 by Nancy Owano report
The ZTE Score M

(Phys.org) -- Rattling phone security news surfaced this week for those owning ZTE Score M phones after an anonymous post to Pastebin.com reported a backdoor hole where others can gain control over a user’s device. The hole allows anyone with hardwired password to access the affected phone. ZTE has reacted in the affirmative, acknowledging the vulnerability in the Score phone and saying they’re working on a security patch, which it will issue soon. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices."

As the world’s number-four handset vendor, ZTE Corp. and another Chinese equipment maker Huawei Technologies have been subjects of a controversy over whether their expanded presence in a U.S. market poses security risks from feared backdoors. Recently, a U.S. congressional panel singled out Huawei and ZTE in approving a measure designed to search and clear the U.S. nuclear-weapons complex of any technology produced by the two companies.

ZTE issued ZTE Score M as an affordable Android phone, the ZTE Score M. with a 3.5-inch HVGA touchscreen, 600MHz CPU,3.2-megapixel camera, Wi-Fi, and microSD slot. Unfortunately, news surfaced that it also had the unwelcome feature of a root backdoor. The setuid-root binary, a program that runs with root privileges in /system/bin/sync_agent, provides the backdoor. Anyone who knows the hard-coded password gets root access to the phone.

ZTE could have used the backdoor as a way for ZTE to update the phone’s software. Security experts say it is not clear whether ZTE is a victim of sloppy programming or whether this had worse intent.

Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike and former Vice President of Threat Research at McAfee, noted that it is rare to find a vulnerability apparently inserted by the hardware manufacturer.

There are conflicting reports over whether the hole affects other ZTE phones. ZTE confirmed the vulnerability on its Score but has denied that it affected other models as well. Nevertheless, some reports said ZTE Skate phones, sold by Orange in the UK, has the same backdoor. According to reports, security researchers are working to see if other ZTE devices suffer from the same vulnerability.

In Australia, , with offices in Sydney and Melbourne, supplies some Telstra phones. They are typically rebranded as T- and F-series mobile phones. Telstra, according to reports, knew about the backdoor news and was testing its devices, but preliminary tests looking for backdoor flaws suggested its handsets were not affected.

Explore further: Software provides a clear overview in long documents

Related Stories

China's ZTE rejects Huawei patent charges

Apr 29, 2011

Chinese telecom equipment maker ZTE has rejected charges by its bigger rival Huawei Technologies, which is suing ZTE in three European countries for alleged patent and trademark infringements. ...

China's Huawei sues ZTE for patent infringement

Apr 28, 2011

China telecoms giant Huawei said Thursday it is suing hometown rival ZTE in Europe for alleged patent and trademark infringements, as the Chinese firms battle for overseas market share.

China's ZTE sues Swedish rival Ericsson

Apr 12, 2011

Chinese telecom equipment supplier ZTE said Tuesday it was suing a unit of Swedish mobile network giant Ericsson for patent infringement, escalating a legal dispute between the two rivals.

Ericsson and ZTE bury patent hatchets

Jan 20, 2012

Swedish mobile network giant Ericsson and Chinese rival ZTE have settled their patent infringement disputes, Ericsson said in a statement on Friday.

Sprint axes China's Huawei, ZTE on security grounds: WSJ

Nov 06, 2010

Sprint Nextel is excluding China's Huawei Technologies and ZTE Corp. from a multi-billion dollar contract to upgrade its cellular network largely because of national security concerns in Washington, The Wall ...

Recommended for you

Software provides a clear overview in long documents

13 hours ago

In the future, a software will help users better analyze long texts such as the documents for calls for bids, which are often more than one thousand pages long. Experts at Siemens' global research unit Corporate ...

Google worker shows early-draft glimpse of Chrome OS

Jul 20, 2014

The Chrome OS is in for a future look. Athena, a Chromium OS project, will bring forth the new Chrome OS user experience. Google's François Beaufort on Friday, referring to the screenshot he posted, said," ...

Google eyes Chrome on Windows laptop battery drain

Jul 19, 2014

Google Chrome on Microsoft Windows has been said to have a problem for some time but this week comes news that Google will give it the attention others think the problem quite deserves. Namely, Google is to ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

mosahlah
2 / 5 (4) May 19, 2012
What else do you expect from our friends in China?