An anonymous post made to Pastebin a week ago got Android forums buzzing, and caught our attention too. It described a root backdoor that was present in the ZTE Score on MetroPCS in the United States. All an app needed was a default password and it could gain root access to the device without any user interaction at all.
"I've never seen it before," said Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, describing the vulnerability as "highly unusual."
While the problem has been known about since last week, it has only been confirmed today by ZTE and reported by the mainstream media. The Chinese firm said it was working on a patch.
"ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future," ZTE said in a statement. "We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices."
Reports suggest that the ZTE Skate, sold by Orange in the UK, is also affected.
This news comes as ZTE and Huawei Technologies Co Ltd are under heavy scrutiny for allegedly being linked to the Chinese government. Both firms deny the allegations, but that hasn't stopped a U.S. congressional panel from approving a measure that will rid the U.S. nuclear-weapons complex of any technology that has been made by either firm.
Written by: James Delahunty @ 18 May 2012 17:07