T_ADD
2012-05-17, 07:17 AM
Backdoor found in ZTE Android phones
By Michael Lee, ZDNet.com.au on May 15th, 2012 (15 hours ago)


Two mobile phones, developed by Chinese telecommunications device
manufacturer ZTE, have been found to carry a hidden backdoor, which can
be used to instantly gain root access with a password, that has been
hard-coded into the software.


NOTE: Password is: ztex1609523


Android devices typically ship with the user unable to run commands as
the "root user", in order to protect customers from any inadvertent
damage they could cause, and to reduce the chance of rogue applications
taking complete control of the device. However, following an anonymous
post to Pastebin, security researchers have found that ZTE has installed
an application on the Score M and the Skate mobile phones, which makes
rooting these phones simple.


The post said:


There is a setuid-root [set user ID upon execution] application at
/system/bin/sync_agent that serves no function besides providing a root
shell backdoor on the device. Just give the magic, hard-coded password
to get a root shell.


The phone is available in the US and the UK, amongst other markets.
While no telco in Australia appears to be selling the Score M or Skate
mobile phones outright, it is still possible to purchase it online or
through smaller firms. ZTE has offices in Sydney and Melbourne, and is a
supplier of a large number of Telstra mobile phones, typically rebranded
as Telstra's own T- and F-series mobile phones. Telstra is aware of the
issue, and is in the process of testing its devices, to determine if the
backdoor exists on them.


"Our preliminary tests suggest that handsets supplied to Telstra are
unaffected by this issue. That said, we take device security very
seriously, and we are conducting more extensive testing to confirm our
initial findings. Should we discover any issues, we will contact
customers directly," Telstra said in a statement.


ZTE is also the company behind the Optus-branded MyTab tablet, which
runs Android.


ZDNet Australia contacted Optus to comment on whether its devices may be
affected, but did not receive a response at the time of writing.


Although Vodafone sells ZTE-branded USB modems, it does not sell any
Android devices from ZTE in Australia.


Former McAfee threat research vice president Dmitri Alperovitch is a
security researcher who has independently verified the original claim,
posting the password to the hidden application on Twitter.


Dmitri Alperovitch @DmitriCyber 14 May 12


@k_sec haven't independently verified myself


Dmitri Alperovitch @DmitriCyber


@DmitriCyber @k_sec We have just confirmed this. Password is
ztex1609523 in the backdoor
14 May 12


There are also a number of reports from users on Reddit, some of whom said
that there does not appear to be any way of remotely accessing the
backdoor. However, other users have pointed out that if the hacker wrote
another application to access the backdoor, it would be a trivial matter
to first root the device and then take complete control.
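
For anyone auditing a device image for the kind of binary the article describes, a setuid-root executable that is not on the expected list, here is an added example; it is not part of the original post or the ZDNet article. The baseline set, the sample tree and the function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed baseline: setuid binaries the auditor expects on the image.
# Illustrative only, not taken from any real ZTE build.
EXPECTED_SETUID = {"system/bin/run-as"}


def find_unexpected_setuid(image_root, expected=EXPECTED_SETUID, owner_uid=0):
    """Return sorted image-relative paths of setuid regular files owned by
    owner_uid that are missing from the expected baseline."""
    findings = []
    for dirpath, _dirs, files in os.walk(image_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the image
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID:
                continue
            if st.st_uid != owner_uid:
                continue
            rel = os.path.relpath(path, image_root).replace(os.sep, "/")
            if rel not in expected:
                findings.append(rel)
    return sorted(findings)


def demo():
    """Build a small constructed image tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "system", "bin")
        os.makedirs(bindir)
        samples = [("sh", 0o755), ("run-as", 0o4750), ("sync_agent", 0o4755)]
        for name, mode in samples:
            path = os.path.join(bindir, name)
            with open(path, "wb") as fh:
                fh.write(b"\x7fELF")  # placeholder bytes, not a real binary
            os.chmod(path, mode)
        # The constructed files belong to the current user, so audit for
        # that uid here; on a real extracted image keep owner_uid=0.
        return find_unexpected_setuid(root, owner_uid=os.getuid())


if __name__ == "__main__":
    print(demo())
```

On a real image the baseline should come from a known-good build of the same platform, so that any setuid-root file outside it is reviewed before the firmware ships.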

spatkad
2012-05-17, 02:34 PM

I am not surprised, because every piece of telecom equipment (RAN and Core) from China has back doors on it; that is why the United States does not want Chinese equipment.

Stantheman
2012-05-17, 03:49 PM
not at all surprising, much bigger things than this happen when it comes to monitoring and control .. like http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 interesting reading, and this is what we are allowed to find out about ... there is obviously far more we do not understand

"The former NSA official held his thumb and forefinger close together: “We are that far from a turnkey totalitarian (http://en.wikipedia.org/wiki/Totalitarianism) state.”"