Former Writer · May 14, 2012 at 05:30 pm

Users Beware, ZTE Root Backdoor Found

What began as a simple root method has now spiraled to talk of a backdoor in ZTE devices. There is a flaw in some ZTE devices that can give root to any app that knows how to ask for it. For some users, this may sound cool because that means root is all that much easier to obtain, but one only needs to read between the lines to realize the risks involved.

The backdoor allows any application to obtain root with a simple password. Once the password is entered, the app is given full root privileges. This can include benevolent applications like Titanium Backup, but it could also include malware. The speculation by developers who have taken a look at the submitted code, including XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, is that ZTE left this enabled by accident as an engineering tool and simply forgot to remove it before releasing the affected devices. According to shabbypenguin:

problem is as you can see from teh pastebin all it requires is just a simple password and rooted shell is handed over…at this time there is no evidence to even support that this can even remotely being activated, however this is a big security concern regardless. for all intents and purposes this could be a debugging tool left in, however just seems oddly convenient for multiple software versions on separate phones on separate carriers

Naturally, word spread like wildfire and ZTE has promised to patch this giant security risk. However until then, the best piece of advice is to be very careful what you download because if the right piece of malware knows how to exploit this security hole, there’s nothing you can do to stop it.

More information about the backdoor can be found on Reddit and Pastebin showing how the exploit works.


_________
Want something on the XDA Portal? Send us a tip!

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Mario Tomás Serrafero · May 6, 2015 at 04:56 pm · 1 comment

On Qualcomm’s Damage Control: Marketing and Rumors?

The Heated Snapdragon chronicles seemingly see no end, and 5 months into 2015 we are still discussing the Snapdragon 810. This is unfortunate, because it is rather clear that the market is moving away from it, and it’d be better to simply forget about this black stain once and for all. However, many websites can’t let it go - and in some ways, we are one of them - but only in response to claims that we think affect consumers...

XDA NEWS
Aamir Siddiqui · May 6, 2015 at 01:32 pm · 3 comments

Xiaomi Mi Note Pro With SD-810 Goes On Sale In China

The Xiaomi Mi Note Pro, announced on 15th Jan 2015, is Xiaomi's attempt at moving beyond the entry-level segment and targeting the higher end of the market which is usually Apple territory. At its heart, the phone follows on the Xiaomi philosophy by providing great specs at a great price. Talking about specs, the Xiaomi Mi Note Pro is a marked improvement over the Mi Note. While the dimensions and screen size remain the same, the resolution has received a...

XDA NEWS
Mathew Brack · May 6, 2015 at 11:47 am · 2 comments

Project Fi Invites Are Rolling Out

Google is now sending out the first wave of invites to its new wireless service, Project Fi. Users are already signing up and have shared the process with us. So far, it is clear that Project Fi users can have their Google Voice number transferred across if they wish, which will automatically move their Google Voice credit over as well.   What we have learned so far is that after a Voice number is transferred you will lose some functionality, but you will...

XDA NEWS
Share This