ZTE admits that the Score comes with a backdoor, promises patch

May 21, 2012

As inconvenient as it is, it’s quite the norm for customers to get unwanted surprises (read: software glitches or hardware defects) upon purchasing an Android device — or any other electronic device, for that matter. But how would you feel about buying a phone that comes with a built-in “backdoor” feature that allows others to manipulate the phone from afar for potentially unlawful purposes? That’s what ZTE has apparently admitted to finding in one of its Android phones in the US.

The Chinese phone maker has confirmed that the ZTE Score, which is sold through various carriers in the US, contains said security vulnerability. What’s even more surprising is that access to the backdoor is readily available thanks to hardcoded passwords, allowing anyone who has those passwords to easily gain control over the phone. This is something that the manufacturer found out the hard way, after the passwords were posted on pastebin.com.

While reports mentioned the possibility that the backdoor is also found in ZTE’s other phones, namely the ZTE Skate, the manufacturer denied this and said that only the ZTE Score is affected. To deal with the publicity fiasco, ZTE said that it is “working on a security patch and expects to send the update over-the-air to affected users in the very near future.” It also urged affected users to download and install the security patch as soon as it becomes available.

So, is this a simple mishap on ZTE’s side or is there a more interesting backstory that can be turned into a box office movie? According to the co-founder of cybersecurity firm CrowdStrike, Dmitri Alperovitch, the security hole was deliberately left open, as it’s used by ZTE to send updates for the phone’s software. He boils it down to two possibilities: ZTE’s malicious intention or an oversight by the manufacturer’s programmers.

Which one do you think it is?
