Oops! Engineers “forgot” root backdoor in ZTE Score M and ZTE Skate
A few months ago, the American mobile phone service provider MetroPCS launched, together with ZTE – the Chinese handset manufacturer – an affordable, entry level Android phone called the ZTE Score M. This Android 2.3.4 (Gingerbread) comes with a variety of features like a 3.5-inch HVGA touchscreen, a 600MHz CPU, a 3.2-megapixel camera, Wi-Fi, 4GB of internal memory, a microSD slot. Oh yeah, and a root backdoor!
Thanks to an anonymous post to Pastebin, details have now emerged that the device has a setuid-root binary (a program that runs with root privileges) in /system/bin/sync_agent that serves no function other than to provide a root shell backdoor. If you know the hard-coded password (ztex1609523) then you get unlimited root access to the phone.
It has also been confirmed that the ZTE Skate, which is sold by Orange in the U.K., has the same backdoor. Security researchers are scrambling to see if other ZTE devices suffer from the same security vulnerability.
But… Don’t Panic! The ZTE Score M and the ZTE Skate aren’t the best selling phones on the market and so the number of actual users affected is small.
Reactions on the Internet are varied. In response to an unofficial quote that ZTE will fix the problem one user wrote, “That’s like finding a camera in your shower and your landlord saying sorry about that, I’ll fix it soon.” While another added that “it’s a massive security hole.” However they did offer a solution, “it would also be fairly easy to fix. Use the backdoor to get root, delete the backdoor, close the shell, done.”
Do you own a ZTE Score M or a ZTE Skate? Does this revelation worry you? Or do you think it is a storm in a tea cup? Let us known by leaving a comment below.