Posted on 05/14/2012 5:24:37 PM PDT by Theoria
If anyone reading this owns a ZTE Score M Android smartphone, your device has been found to include a backdoor allowing root access without user authentication.
The discovery of the backdoor comes via a post on the text storage website Pastebin. It has since been confirmed via Reddit by Justin Case of Cunning Logic and TeamAndIRC. He has confirmed with someone at ZTE that the backdoor does indeed exist and that a fix is in the works.
The question that needs to be asked is, why is it there at all?
Apparently the handset includes a hard-coded password that allows access to a root shell, effectively opening up the phone to any person in possession of said password.
As the Score M is a Gingerbread phone available in the U.S. through MetroPCS, Google will surely be asking questions as to why such a back door was allowed to ship as part of the handsets default install.
ZTE is a Chinese company counted as the fifth-largest telecoms equipment manufacturer in the world behind Ericsson, Huawei, Alcatel-Lucent, and Nokia Siemens Networks. It manufacturers a range of networking equipment alongside producing equipment for other companies as an original equipment manufacturer (OEM).
ZTE is no stranger to controversy and has been linked to bribing officials on several occasions in order to win contracts. What needs to be established now is whether the backdoor on the Score M was a deliberate inclusion, and if it was, what other ZTE products may also carry the same access.
More at Pastebin
so many ways to play this...
I’m sure it’s nothing nefarious.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.