Chinese telecom gear maker ZTE, which produces the Android based ScoreM smartphone, confirms that there is a security hole in one of its models. The hole, usually called a backdoor, allows anyone with the handsets hardwired password gain root access to any Score phone. This security hole is described by a researcher to be “highly unusual.”
According to reports, ZTE was using the backdoor to remotely update the phones firmware. The question is whether this was just a matter of sloppy programming or the phone maker had any malicious purpose.
Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike said, “It could very well be that they’re not very good developers or they could be doing this for nefarious purposes.”
The security issue on the phone surfaced through an anonymous posting in a code sharing site named pastebin.com. People are saying that this security issue is prevalent in ZTE Skate phone also. But, ZTE has denied the latter allegation, and said that the company is working on a security patch for Score M.
ZTE told Reuters, “ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future. We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.”