ZTE Score M Android 2.3.4 backdoor vulnerability


ZTE of China has revealed the existence of a backdoor in its Score M Android 2.3.4 Gingerbread smartphone which would be used for handling the install and uninstall of apps. The root shell backdoor vulnerability was posted on Pastebin. First up, this root shell access is actually used in development by manufacturers, but what is clear is that the backdoor should have been disabled. It does however appear that ZTE and MetroPCS are using this root shell to install and uninstall apps and in particular software updates (otherwise referred to as ‘fragmentation’). ZTE have confirmed the vulnerability on their Score M devices, but it isn’t clear whether the same backdoor affects other mobile phone models. ZTE is working on an OTA (over-the-air) security patch, but hasn’t indicated when this patch will be made available to end users. It’s well known that legitimate Google-supported APIs can open backdoors but actually don’t introduce any....

June 1, 2012
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.