ZTE Score M Android 2.3.4 backdoor vulnerability


ZTE of China has revealed the existence of a backdoor in its Score M Android 2.3.4 Gingerbread smartphone which would be used for handling the install and uninstall of apps. The root shell backdoor vulnerability was posted on Pastebin. First up, this root shell access is actually used in development by manufacturers, but what is clear is that the backdoor should have been disabled. It does however appear that ZTE and MetroPCS are using this root shell to install and uninstall apps and in particular software updates (otherwise referred to as ‘fragmentation’). ZTE have confirmed the vulnerability on their Score M devices, but it isn’t clear whether the same backdoor affects other mobile phone models.

ZTE is working on an OTA (over-the-air) security patch, but hasn’t indicated when this patch will be made available to end users. It’s well known that legitimate Google-supported APIs can open backdoors but actually don’t introduce any security issues. Read more....

June 1, 2012
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023