# Backdoor found in ZTE made Android Devices



## yarly (Jun 22, 2011)

http://pastebin.com/wamYsqTV


```
The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.<br />
<br />
There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell:<br />
<br />
$ sync_agent ztex1609523<br />
# id<br />
uid=0(root) gid=0(root)<br />
<br />
Nice backdoor, ZTE.
```
ZTE is a chinese company that makes phones over in china and for US companies like MetroPCS.


----------



## ars0n (Jan 25, 2012)

How does this shit get sold to us?


----------



## yarly (Jun 22, 2011)

It was probably laziness by some developer/engineer to get around permissions issues and didn't take it out.

That or you can buy into the conspiracy theories that the Chinese government was behind it and puts pressure on businesses there to put backdoors into electronics they sell.

They're allegedly going to fix it, which probably means "We'll switch to using a different backdoor you're not aware of, yet."


----------

