Jump to content


Sponsored Links

Recent Columns

  • James Norton's Photo
    The James Norton Column: Camera Shoot-out

    The James Norton column

  • James Norton's Photo
    The James Norton Column: The MoDaCo Man

    The James Norton column


Recent Articles

  • icon
    MoDaCo Mobile Week 77 is live on air tonight

    James Norton -

  • icon
    One small step for Microsoft

    Tom Hopkins -

  • icon
    MMW 76 - G man!

    PaulOBrien -

  • icon
    MMW 75 - I/OMG what the L?!?

    PaulOBrien -

  • icon
    EXCLUSIVE: Blinkbox to get Chromecast support, improved Android apps, WP app and more

    PaulOBrien -

  • icon
    Mastering Tasker - 4: PIN locking via Bluetooth Smart proximity

    PaulOBrien -


Recent Article Comments

  • awarner's Photo
    One small step for Microsoft

    awarner -

  • James Norton's Photo
    MoDaCo Mobile Week 77 is live on air tonight

    James Norton -

  • tarquino's Photo
    MMW 76 - G man!

    tarquino -

  • glossywhite's Photo
    MoDaCo Mobile Week 76 - coming to you tonight

    glossywhite -

  • PaulOBrien's Photo
    MMW 75 - I/OMG what the L?!?

    PaulOBrien -

  • jesse-pink's Photo
    Hands on with Z2 and M8 third party docks

    jesse-pink -


Sponsored Links

Recent Topics

  • nichealmond's Photo
    Jacob Ng Community

    nichealmond -

  • Coreyz0rZ's Photo
    No SIM card/Audio Problems (Internal Speaker) !!!FIX!!!

    Coreyz0rZ -

  • Coreyz0rZ's Photo
    Audio Problems - Ascend Y300-0151

    Coreyz0rZ -

  • MIERZVINSKI's Photo
    Slow touch responses CM11 [4.4.4]

    MIERZVINSKI -

  • Tom Hopkins's Photo
    One small step for Microsoft

    Tom Hopkins -

  • Karsakoff's Photo
    Android L Theme GoKeyboard

    Karsakoff -


Recent Replies

  • emc02's Photo
    [DEV][ROM] [10.7] CyanogenMod 11.0 (Android 4.4.4)

    emc02 -

  • awarner's Photo
    One small step for Microsoft

    awarner -

  • borsosg's Photo
    Coolpad F1 8297w - Review / Info / Software / Custom Roms

    borsosg -

  • Ntropy's Photo
    [ROM] Huddsdroid 2.0 (4.2.4.82093) with Google Now Launcher

    Ntropy -

  • CaptainMidnight's Photo
    ClockworkMod Recovery (v6.0.3.1) for rkflashtool, built by hal2710

    CaptainMidnight -

  • internectual's Photo
    [KK] [4.4.3] CyanogenMod 11.0 [ROM] [ALL] [NIGHTLY BUILDS AVAILABLE]

    internectual -


Sponsored Links



- - - - -

Are ZTE shipping some Android devices with a root 'back door'?


Are ZTE shipping some Android devices with a root 'back door'? It certainly appears that way based on a tip given anonymously to @TeamAndIRC and verified by some of our readers!

The tip, which originally was given to TeamAndIRC via pastebin, read:

The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.

There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell:

$ sync_agent ztex1609523
# id
uid=0(root) gid=0(root)

Nice backdoor, ZTE.


A bit of a security hole for sure! MoDaCo member TheDeadCpu confirmed that this method is working not just on the device mentioned but on a WWE spec ZTE Skate too. The file doesn't however appear to be present in my old Orange San Francisco ROM, nor in a San Francisco II ROM, so it may be limited to specific devices.

We've reached out to ZTE for comment (and will update here as soon as possible) but, well, it doesn't instil confidence does it...?

About the author

PaulOBrien's Photo
Paul O'Brien founded MoDaCo in 2002 as a site focused on Windows Smartphones and has grown it since then by concentrating on providing a friendly community for both experienced and beginner mobile enthusiasts.

  • 0


3 Comments

not found on zte tureis
    • 0
Given how shockingly poor ZTE's ability to exercise version control over their source code has been proven to be this really doesn't surprise me.

It's probably some intern's code that shipped because they didn't know it was there.

Fail, pure fail.
    • 0
Photo
Christian Edwards
May 10 2012 11:25 PM
Can this backdoor be exploited remotely or only if you have the device?
Sorry if it a bit of a noob question but had a Skate and now have the G300 which also has a big security hole.
    • 0