How to remove the backdoor from ZTE's Score M smartphone
Posted on 28 May 2012.
The existence of the recently discovered vulnerability in ZTE's Score M smartphone which allows any attacker in possession of the hardcoded password to access and take over the phone has been confirmed by the Chinese handset maker.

The company has also said that it has started working on a patch but, in the meantime, some security firms have taken it upon themselves to do the same thing, or at least, to find a workaround for the problem.

Trend Micro researcher Weichao Sun has published a set of instructions for removing the backdoor from the device:


1. Run the backdoor on an adb shell: /system/bin/sync_agent ztex1609523
2. To check which device your /system dir has mounted, use the command: mount. There should be a print out like below, note the device name underlined in red:


3. Remount the system partition as RW with command: mount –o remount,rw /your/device/name /system.
4. Remove the backdoor from the system with command: rm /system/bin/sync_agent.
5. Terminate the backdoor with ctrl+c.

Granted, the instructions aren't of much use to users who don't know how to go about implementing them - and that is most users - but are nonetheless welcome as ZTE is dragging its feet on this.






Spotlight

Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials

Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jul 3rd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //