The company has also said that it has started working on a patch but, in the meantime, some security firms have taken it upon themselves to do the same thing, or at least, to find a workaround for the problem.
Trend Micro researcher Weichao Sun has published a set of instructions for removing the backdoor from the device:
1. Run the backdoor on an adb shell: /system/bin/sync_agent ztex1609523
2. To check which device your /system dir has mounted, use the command: mount. There should be a print out like below, note the device name underlined in red:
3. Remount the system partition as RW with command: mount ľo remount,rw /your/device/name /system.
4. Remove the backdoor from the system with command: rm /system/bin/sync_agent.
5. Terminate the backdoor with ctrl+c.
Granted, the instructions aren't of much use to users who don't know how to go about implementing them - and that is most users - but are nonetheless welcome as ZTE is dragging its feet on this.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.