Are ZTE shipping some Android devices with a root 'back door'? It certainly appears that way based on a tip given anonymously to @TeamAndIRC and verified by some of our readers!
The tip, which was originally given to TeamAndIRC via pastebin, read:
The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.
There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell:
$ sync_agent ztex1609523
Nice backdoor, ZTE.
A bit of a security hole for sure! MoDaCo member TheDeadCpu confirmed that this method is working not just on the device mentioned but on a WWE spec ZTE Skate too. The file doesn't, however, appear to be present in my old Orange San Francisco ROM, nor in a San Francisco II ROM, so it may be limited to specific devices.
We've reached out to ZTE for comment (and will update here as soon as possible) but, well, it doesn't instil confidence, does it...?
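Checking a ROM for the file, as described above, generalises to auditing any unpacked system image for setuid binaries. The following is an added example, not part of the original post or any ZTE code, that lists every setuid file in an extracted image tree. The function names, the `expected` allowlist and the sample tree are assumptions made for illustration.

```python
import os
import stat

# Assumption: setuid binaries a reviewer already expects on the image. Anything
# else carrying the bit is reported. Empty by default so every hit is reviewed.
EXPECTED = frozenset()

def find_setuid(image_root, owner_uid=0, expected=EXPECTED):
    """Return sorted image-relative paths of regular files with the setuid bit.

    owner_uid=0 keeps only root-owned files (setuid-root). Pass None when the
    image was unpacked without root and file ownership was not preserved.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(image_root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the image
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID:
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            rel = "/" + os.path.relpath(full, image_root).replace(os.sep, "/")
            if rel not in expected:
                hits.append(rel)
    return sorted(hits)

def build_sample_image(root):
    """Constructed sample tree: one setuid file at the path named in the tip."""
    bindir = os.path.join(root, "system", "bin")
    os.makedirs(bindir)
    for name, mode in (("sync_agent", 0o4755), ("ls", 0o755)):
        path = os.path.join(bindir, name)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")  # stand-in content, not a real binary
        os.chmod(path, mode)  # set mode after writing; writes can clear setuid
    return root

if __name__ == "__main__":
    import sys
    # Usage: python audit_setuid.py <path to unpacked image>
    for path in find_setuid(sys.argv[1], owner_uid=None):
        print(path)
```

Any path this reports that is not a known, documented setuid binary deserves a closer look before the image ships or is flashed.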