Former Writer · May 14, 2012 at 05:30 pm

Users Beware, ZTE Root Backdoor Found

What began as a simple root method has now spiraled to talk of a backdoor in ZTE devices. There is a flaw in some ZTE devices that can give root to any app that knows how to ask for it. For some users, this may sound cool because that means root is all that much easier to obtain, but one only needs to read between the lines to realize the risks involved.

The backdoor allows any application to obtain root with a simple password. Once the password is entered, the app is given full root privileges. This can include benevolent applications like Titanium Backup, but it could also include malware. The speculation by developers who have taken a look at the submitted code, including XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, is that ZTE left this enabled by accident as an engineering tool and simply forgot to remove it before releasing the affected devices. According to shabbypenguin:

problem is as you can see from teh pastebin all it requires is just a simple password and rooted shell is handed over…at this time there is no evidence to even support that this can even remotely being activated, however this is a big security concern regardless. for all intents and purposes this could be a debugging tool left in, however just seems oddly convenient for multiple software versions on separate phones on separate carriers

Naturally, word spread like wildfire and ZTE has promised to patch this giant security risk. However until then, the best piece of advice is to be very careful what you download because if the right piece of malware knows how to exploit this security hole, there’s nothing you can do to stop it.

More information about the backdoor can be found on Reddit and Pastebin showing how the exploit works.


_________
Want something on the XDA Portal? Send us a tip!
GermainZ · Mar 5, 2015 at 01:50 pm · no comments

HTC to Replace Swype with TouchPal

According to engadget (citing TouchPal as well as an internal source), HTC aims to replace Swype with TouchPal as the default input method in upcoming devices, including the new HTC One M9. The official TouchPal Twitter account also tweeted the engadget article about this, further confirming the move. What prompted this move? The CEO of CooTek, the company behind TouchPal, says it's because of their better contextual prediction and language support. If you actually look at the supported languages, you'll...

XDA NEWS
Emil Kako · Mar 5, 2015 at 12:10 pm · no comments

Do You Think the Apple Watch Will Be a Huge Success?

Many people are under the impression that once Apple finally launches its smartwatch, the market for wearables will suddenly become mainstream and be taken to the next level. Taking an idea that already exists and making it incredibly successful isn't something new to Apple, but does the Apple Watch have what it takes? The wearable hasn't even shipped yet, but has already won multiple awards and has been featured on numerous fashion magazine covers. Do you think the Apple Watch will be a huge success? Let us know your thoughts.

DISCUSS
Mario Tomás Serrafero · Mar 5, 2015 at 10:09 am · no comments

Huawei: A Giant the Western World Should Look Out For

The smartphone landscape is drastically changing its focus. What was once a North-America-centric monopoly of high-specification phones is now merely an afterimage of the past. The meat of the game is elsewhere now; emerging markets looking for good bang-for-buck are what OEMs are increasingly aiming towards, and in this new game the old players must adapt-or-die. Xiaomi has grown at one of the most notable rates in the industry, leading it to become the world's most valuable start-up; and its...

XDA NEWS
Share This