Former Writer · May 14, 2012 at 05:30 pm

Users Beware, ZTE Root Backdoor Found

What began as a simple root method has now spiraled to talk of a backdoor in ZTE devices. There is a flaw in some ZTE devices that can give root to any app that knows how to ask for it. For some users, this may sound cool because that means root is all that much easier to obtain, but one only needs to read between the lines to realize the risks involved.

The backdoor allows any application to obtain root with a simple password. Once the password is entered, the app is given full root privileges. This can include benevolent applications like Titanium Backup, but it could also include malware. The speculation by developers who have taken a look at the submitted code, including XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, is that ZTE left this enabled by accident as an engineering tool and simply forgot to remove it before releasing the affected devices. According to shabbypenguin:

problem is as you can see from teh pastebin all it requires is just a simple password and rooted shell is handed over…at this time there is no evidence to even support that this can even remotely being activated, however this is a big security concern regardless. for all intents and purposes this could be a debugging tool left in, however just seems oddly convenient for multiple software versions on separate phones on separate carriers

Naturally, word spread like wildfire and ZTE has promised to patch this giant security risk. However until then, the best piece of advice is to be very careful what you download because if the right piece of malware knows how to exploit this security hole, there’s nothing you can do to stop it.

More information about the backdoor can be found on Reddit and Pastebin showing how the exploit works.


_________
Want something on the XDA Portal? Send us a tip!

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Faiz Malkani · Mar 31, 2015 at 10:59 am · 1 comment

Xiaomi Announces Redmi 2A and More for 5th Anniversary

Xiaomi was founded on April 6th, 2010 and its fifth anniversary is just around the corner. In the past five years, the company has grown by leaps and bounds, rising to the positions of largest smartphone OEM in China and third-largest globally and coupled with its expansion plans and 100 million sales benchmark, this anniversary warranted a fervent celebration. After teasing products on its forums for a few days, Xiaomi held the anniversary event earlier today and staying true to the...

XDA NEWS
Tomek Kondrat · Mar 31, 2015 at 10:00 am · 2 comments

The History of Flagships: Part III – HTC

A few months ago, we came up with the idea of presenting the history of flagship devices released by some of the major Android OEMs. In this, we've had the pleasure of bringing you the stories of Sony (Ericsson) and Samsung. Now, it's time for our third and final installment. This is a very special episode, as the OEM I will talk about was heavily connected to Android and the beginnings of XDA as a whole. Yes, I'm talking about HTC, the...

XDA NEWS
Jimmy McGee · Mar 31, 2015 at 07:00 am · 2 comments

Fix Lollipop Memory Leak – XDA Xposed Tuesday

Unfortunately there was a memory leak in Android 5.0.x Lollipop. Thankfully it was fixed in Android 5.1. However, at the time of this video Xposed Framework doesn’t have Android 5.1 support. So you are faced with a choice of fixing the memory leak or running your Xposed Modules. Or are you? In this episode of XDA Xposed Tuesday, XDA TV Producer TK reviews an Xposed Module that adds the Android 5.1 memory fix to pre 5.1 Lollipop devices. The module...

XDA NEWS
Share This