Former Writer · May 14, 2012 at 05:30 pm

Users Beware, ZTE Root Backdoor Found

What began as a simple root method has now spiraled to talk of a backdoor in ZTE devices. There is a flaw in some ZTE devices that can give root to any app that knows how to ask for it. For some users, this may sound cool because that means root is all that much easier to obtain, but one only needs to read between the lines to realize the risks involved.

The backdoor allows any application to obtain root with a simple password. Once the password is entered, the app is given full root privileges. This can include benevolent applications like Titanium Backup, but it could also include malware. The speculation by developers who have taken a look at the submitted code, including XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, is that ZTE left this enabled by accident as an engineering tool and simply forgot to remove it before releasing the affected devices. According to shabbypenguin:

problem is as you can see from teh pastebin all it requires is just a simple password and rooted shell is handed over…at this time there is no evidence to even support that this can even remotely being activated, however this is a big security concern regardless. for all intents and purposes this could be a debugging tool left in, however just seems oddly convenient for multiple software versions on separate phones on separate carriers

Naturally, word spread like wildfire and ZTE has promised to patch this giant security risk. However until then, the best piece of advice is to be very careful what you download because if the right piece of malware knows how to exploit this security hole, there’s nothing you can do to stop it.

More information about the backdoor can be found on Reddit and Pastebin showing how the exploit works.


_________
Want something on the XDA Portal? Send us a tip!

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Emil Kako · May 23, 2015 at 12:31 pm · 3 comments

Which Features from Apple Watch Do You Think Android Wear Will Copy?

The Apple Watch and Android Wear are both growing platforms. Now that we've gotten the chance to see both of them in-depth, we can get a good idea of which directions the two are headed. We recently did a discussion and asked you what you thought the Apple Watch would copy from Android Wear. Today, we ask you the opposite. Which features do you think Android Wear will copy from the Apple Watch and why?

DISCUSS
Mario Tomás Serrafero · May 23, 2015 at 12:00 pm · 4 comments

XDA Picks: Best Apps of the Week (May 15 – 22)

Apps are at the front and center of any smartphone experience, and with over a million apps on the Google Play Store and new apps being submitted to our forums every day, staying up to date on the latest apps and games can be a hassle. At XDA we don’t discriminate apps - if it’s interesting, innovative, original or useful, we mention them. The XDA Portal Team loves apps too, and here are our top picks for this week.  ...

XDA NEWS
Emil Kako · May 22, 2015 at 10:35 pm · 5 comments

Other than XDA (of Course), What’s Your Favorite Site That Covers Android?

There is a number of other great sites that cover Android, so we're wondering which other sites our community likes to frequent. Tell us your favorite Android website and what about the site that makes it your favorite.

DISCUSS
Share This