ZTE scrambles to get at root of phone flaw

May 18, 2012 by Nancy Owano report
The ZTE Score M

(Phys.org) -- Rattling phone security news surfaced this week for those owning ZTE Score M phones after an anonymous post to Pastebin.com reported a backdoor hole where others can gain control over a user’s device. The hole allows anyone with hardwired password to access the affected phone. ZTE has reacted in the affirmative, acknowledging the vulnerability in the Score phone and saying they’re working on a security patch, which it will issue soon. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices."

As the world’s number-four handset vendor, ZTE Corp. and another Chinese equipment maker Huawei Technologies have been subjects of a controversy over whether their expanded presence in a U.S. market poses security risks from feared backdoors. Recently, a U.S. congressional panel singled out Huawei and ZTE in approving a measure designed to search and clear the U.S. nuclear-weapons complex of any technology produced by the two companies.

ZTE issued ZTE Score M as an affordable Android phone, the ZTE Score M. with a 3.5-inch HVGA touchscreen, 600MHz CPU,3.2-megapixel camera, Wi-Fi, and microSD slot. Unfortunately, news surfaced that it also had the unwelcome feature of a root backdoor. The setuid-root binary, a program that runs with root privileges in /system/bin/sync_agent, provides the backdoor. Anyone who knows the hard-coded password gets root access to the phone.

ZTE could have used the backdoor as a way for ZTE to update the phone’s software. Security experts say it is not clear whether ZTE is a victim of sloppy programming or whether this had worse intent.

Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike and former Vice President of Threat Research at McAfee, noted that it is rare to find a vulnerability apparently inserted by the hardware manufacturer.

There are conflicting reports over whether the hole affects other ZTE phones. ZTE confirmed the vulnerability on its Score but has denied that it affected other models as well. Nevertheless, some reports said ZTE Skate phones, sold by Orange in the UK, has the same backdoor. According to reports, security researchers are working to see if other ZTE devices suffer from the same vulnerability.

In Australia, , with offices in Sydney and Melbourne, supplies some Telstra phones. They are typically rebranded as T- and F-series mobile phones. Telstra, according to reports, knew about the backdoor news and was testing its devices, but preliminary tests looking for backdoor flaws suggested its handsets were not affected.

Explore further: Hackathon team's GoogolPlex gives Siri extra powers

Related Stories

China's ZTE rejects Huawei patent charges

Apr 29, 2011

Chinese telecom equipment maker ZTE has rejected charges by its bigger rival Huawei Technologies, which is suing ZTE in three European countries for alleged patent and trademark infringements. ...

China's Huawei sues ZTE for patent infringement

Apr 28, 2011

China telecoms giant Huawei said Thursday it is suing hometown rival ZTE in Europe for alleged patent and trademark infringements, as the Chinese firms battle for overseas market share.

China's ZTE sues Swedish rival Ericsson

Apr 12, 2011

Chinese telecom equipment supplier ZTE said Tuesday it was suing a unit of Swedish mobile network giant Ericsson for patent infringement, escalating a legal dispute between the two rivals.

Ericsson and ZTE bury patent hatchets

Jan 20, 2012

Swedish mobile network giant Ericsson and Chinese rival ZTE have settled their patent infringement disputes, Ericsson said in a statement on Friday.

Sprint axes China's Huawei, ZTE on security grounds: WSJ

Nov 06, 2010

Sprint Nextel is excluding China's Huawei Technologies and ZTE Corp. from a multi-billion dollar contract to upgrade its cellular network largely because of national security concerns in Washington, The Wall ...

Recommended for you

Hackathon team's GoogolPlex gives Siri extra powers

18 hours ago

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

mosahlah
2 / 5 (4) May 19, 2012
What else do you expect from our friends in China?

More news stories

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

Continents may be a key feature of Super-Earths

Huge Earth-like planets that have both continents and oceans may be better at harboring extraterrestrial life than those that are water-only worlds. A new study gives hope for the possibility that many super-Earth ...

Researchers successfully clone adult human stem cells

(Phys.org) —An international team of researchers, led by Robert Lanza, of Advanced Cell Technology, has announced that they have performed the first successful cloning of adult human skin cells into stem ...