One of the world’s top handset makers has acknowledged the existence of a backdoor in one of its models.
ZTE, which is based in China and produces the ScoreM, which sells as a Google Android phone, admitted that it had placed a backdoor account with a hardcoded password, which is easily found online. The backdoor was used by the company to remotely update its firmware, according to Reuters. But its existence would also allow anyone else with knowledge of the password to access a Score phone and gain root access.
“It could very well be that they’re not very good developers or they could be doing this for nefarious purposes,” Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told the news service.
ZTE has vowed to fix the security hole.
“ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,” ZTE told Reuters. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.”