Oops! Engineers “forgot” root backdoor in ZTE Score M and ZTE Skate

by: Gary SimsMay 14, 2012

zte logo

A few months ago, the American mobile phone service provider MetroPCS launched, together with ZTE – the Chinese handset manufacturer – an affordable, entry level Android phone called the ZTE Score M. This Android 2.3.4 (Gingerbread) comes with a variety of features like a 3.5-inch HVGA touchscreen, a 600MHz CPU, a 3.2-megapixel camera,  Wi-Fi, 4GB of internal memory, a microSD slot. Oh yeah, and a root backdoor!

Thanks to an anonymous post to Pastebin, details have now emerged that the device has a setuid-root binary (a program that runs with root privileges) in /system/bin/sync_agent that serves no function other than to provide a root shell backdoor. If you know the hard-coded password (ztex1609523) then you get unlimited root access to the phone.

It has also been confirmed that the ZTE Skate, which is sold by Orange in the U.K., has the same backdoor. Security researchers are scrambling to see if other ZTE devices suffer from the same security vulnerability.

But… Don’t Panic! The ZTE Score M and the ZTE Skate aren’t the best selling phones on the market and so the number of actual users affected is small.

Reactions on the Internet are varied. In response to an unofficial quote that ZTE will fix the problem one user wrote, “That’s like finding a camera in your shower and your landlord saying sorry about that, I’ll fix it soon.” While another added that “it’s a massive security hole.” However they did offer a solution, “it would also be fairly easy to fix. Use the backdoor to get root, delete the backdoor, close the shell, done.”

Do you own a ZTE Score M or a ZTE Skate? Does this revelation worry you? Or do you think it is a storm in a tea cup? Let us known by leaving a comment below.

  • Any word on whether this applies to the ZTE Score on Cricket Wireless?

  • Dude

    Root! We live root

  • dan

    why care? it’s not like i’m agent 007

  • jflogeta

    thank you now i can finally root my phone

  • I downloaded an app to check for backdoor/root capabilities but everytime i try to download the root app, it tells me download unsuccessful and doesnt root it. Tried to download the reboot to recovery program and still doesnt work. Im trying to root without pc since my pc is down. Does it work with the Cricket Wireless phone or is it just for regular phone companies?

  • paule0217

    I know how to root it

    • Oscar Oldendorp

      Well then tell us how!

  • alipok

    i need to root my android staradict by sfr v2.3.5 pleas