• Root Shell Backdoor Found in ZTE Android 2.3.4 Phones

    by  • May 14, 2012 • News

    Root shell in ZTE android 2.3.4 phones in China - Geekblog TV

    Dmitri verifies the vulnerability and the password to access the root shell

    Android 2.3.4 Phones from ZTE, a Chinese telecommunications company, contain a root-access shell backdoor. This allows virtually anyone who knows the right password to remote into the phone with full privilege to read and write files, run low-level commands and execute low-level command, effectively allowing unlimited access and control of the device. Thanks to Dmitri Alperovitch (@DmitriCyber) from CrowdStrike for verifying and reporting.

    As you see in the screenshot, the password to access the phone is “ztex1609523″. Presumably this backdoor was put in place by the carrier, in accordance with the Chinese government. As of right now this backdoor is not believed to exist elsewhere.

    If you are concerned that your phone has malicious software, spyware, or backdoors, you can take measures to protect yourself, such as using encrypted VPN to proxy your network activity, or re-image your phone with a custom rom such as CyanogenMod.

    About

    Founder/Author of SpeakingCode.com, BitwigIt.com, Tractivism.tk, etc. Professional software developer with experience in embedded systems, wireless and mobile applications, smart phone apps, enterprise software and web development, etc. Twitter: @rootlicker

    http://SpeakingCode.com