
    Are ZTE shipping some Android devices with a root 'back door'?


    Are ZTE shipping some Android devices with a root 'back door'? It certainly appears that way based on a tip given anonymously to @TeamAndIRC and verified by some of our readers!

    The tip, which originally was given to TeamAndIRC via pastebin, read:

    The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.

    There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell:

    $ sync_agent ztex1609523
    # id
    uid=0(root) gid=0(root)

    Nice backdoor, ZTE.

    A bit of a security hole for sure! MoDaCo member TheDeadCpu confirmed that this method works not just on the device mentioned but on a WWE spec ZTE Skate too. The file doesn't, however, appear to be present in my old Orange San Francisco ROM, nor in a San Francisco II ROM, so it may be limited to specific devices.

    We've reached out to ZTE for comment (and will update here as soon as possible) but, well, it doesn't instil confidence does it...?
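
An added example, not part of the original post or the pastebin tip: one way to check a mounted or extracted /system tree for setuid or setgid files that are not expected in the build, which is how a file like /system/bin/sync_agent stands out in a ROM review. The allowlist entry, the function names and the sample tree are assumptions constructed for illustration, and the scan only means something if the tree preserves the original file modes and owners.

```python
import os
import stat
import tempfile

# Hypothetical allowlist of setuid/setgid files expected in a build, relative
# to the scanned root. This entry is an assumption; adjust it per device.
EXPECTED = {"bin/run-as"}


def find_setuid(root, expected=EXPECTED):
    """Return sorted (relpath, uid, octal mode) tuples for setuid/setgid
    regular files under root that are not allowlisted. Symlinks are skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel not in expected:
                findings.append((rel, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample standing in for /system. Files are owned by the
    current user here; on a device, uid 0 on a finding is what matters."""
    root = tempfile.mkdtemp(prefix="system_")
    os.makedirs(os.path.join(root, "bin"))
    for name, mode in (("sync_agent", 0o4755), ("run-as", 0o4750), ("ls", 0o755)):
        path = os.path.join(root, "bin", name)
        with open(path, "wb") as f:
            f.write(b"\x7fELF")  # placeholder bytes, not a real binary
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for rel, uid, mode in find_setuid(build_sample_tree()):
        print(f"unexpected setuid/setgid: /system/{rel} uid={uid} mode={mode}")
```

Run against a real tree by passing its path to find_setuid; any finding owned by uid 0 that the build's maintainers cannot account for deserves a closer look.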




    User Feedback


    Posted

    Not found on ZTE Tureis.


    Posted

    Given how shockingly poor ZTE's ability to exercise version control over their source code has been proven to be, this really doesn't surprise me.

    It's probably some intern's code that shipped because they didn't know it was there.

    Fail, pure fail.


    Posted

    Can this backdoor be exploited remotely or only if you have the device?

    Sorry if it's a bit of a noob question, but I had a Skate and now have the G300, which also has a big security hole.


MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.