How to remove the backdoor from ZTE's Score M smartphone
Posted on 28 May 2012.
The existence of the recently discovered vulnerability in ZTE's Score M smartphone which allows any attacker in possession of the hardcoded password to access and take over the phone has been confirmed by the Chinese handset maker.

The company has also said that it has started working on a patch but, in the meantime, some security firms have taken it upon themselves to do the same thing, or at least, to find a workaround for the problem.

Trend Micro researcher Weichao Sun has published a set of instructions for removing the backdoor from the device:


1. Run the backdoor on an adb shell: /system/bin/sync_agent ztex1609523
2. To check which device your /system dir has mounted, use the command: mount. There should be a print out like below, note the device name underlined in red:


3. Remount the system partition as RW with command: mount ľo remount,rw /your/device/name /system.
4. Remove the backdoor from the system with command: rm /system/bin/sync_agent.
5. Terminate the backdoor with ctrl+c.

Granted, the instructions aren't of much use to users who don't know how to go about implementing them - and that is most users - but are nonetheless welcome as ZTE is dragging its feet on this.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //