Former Writer · May 14, 2012 at 05:30 pm

Users Beware, ZTE Root Backdoor Found

What began as a simple root method has now spiraled to talk of a backdoor in ZTE devices. There is a flaw in some ZTE devices that can give root to any app that knows how to ask for it. For some users, this may sound cool because that means root is all that much easier to obtain, but one only needs to read between the lines to realize the risks involved.

The backdoor allows any application to obtain root with a simple password. Once the password is entered, the app is given full root privileges. This can include benevolent applications like Titanium Backup, but it could also include malware. The speculation by developers who have taken a look at the submitted code, including XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, is that ZTE left this enabled by accident as an engineering tool and simply forgot to remove it before releasing the affected devices. According to shabbypenguin:

problem is as you can see from teh pastebin all it requires is just a simple password and rooted shell is handed over…at this time there is no evidence to even support that this can even remotely being activated, however this is a big security concern regardless. for all intents and purposes this could be a debugging tool left in, however just seems oddly convenient for multiple software versions on separate phones on separate carriers

Naturally, word spread like wildfire and ZTE has promised to patch this giant security risk. However until then, the best piece of advice is to be very careful what you download because if the right piece of malware knows how to exploit this security hole, there’s nothing you can do to stop it.

More information about the backdoor can be found on Reddit and Pastebin showing how the exploit works.


_________
Want something on the XDA Portal? Send us a tip!

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Mario Tomás Serrafero · Jul 28, 2015 at 10:07 am · no comments

Two New Moto X and New Moto G – Specs & Details

Today’s Moto event just ended and now we have a clear look at all of Motorola’s upcoming phones, including not one but two refreshed versions of their Moto X line. So how do these phones stack up against the competition? Motorola promises no compromises for affordable prices in every bracket, and this is what they have to offer:     Motorola wanted to focus on 5 aspects: meaningful exchanges, making and sharing memories, Self Expression, being always there for you...

XDA NEWS
Jimmy McGee · Jul 28, 2015 at 06:00 am · 2 comments

How Strong Is Your Connection? – XDA Xposed Tuesday

Everyone is always talking about their bars. How many bars of WiFi do they have? How many bars of 4G? What does a bar really represent? Does it give you any indication of the “strength” of the signal? Does it give you the throughput? If you had this information, you could know more about your data connections. In this episode of XDA Xposed Tuesday, XDA TV Producer TK reviews an Xposed Module that gives you the ability to put certain...

XDA NEWS
Mario Tomás Serrafero · Jul 27, 2015 at 11:29 pm · 2 comments

OnePlus 2 Announced: Specs, Price and Details

The OnePlus 2 has just had its Virtual Reality Launch event, and at the XDA Office we all watched it live to see the new Flagship Killer attempt to make us never settle for anything else. The event itself was streamed through the OnePlus 2 Launch application, and now that it is over, we know plenty about the specifications and everything the new device is offering.   The device features a premium design with metal edges and buttons and a...

XDA NEWS