How to remove the backdoor from ZTE's Score M smartphone
Posted on 28 May 2012.
Bookmark and Share
The existence of the recently discovered vulnerability in ZTE's Score M smartphone which allows any attacker in possession of the hardcoded password to access and take over the phone has been confirmed by the Chinese handset maker.

The company has also said that it has started working on a patch but, in the meantime, some security firms have taken it upon themselves to do the same thing, or at least, to find a workaround for the problem.

Trend Micro researcher Weichao Sun has published a set of instructions for removing the backdoor from the device:


1. Run the backdoor on an adb shell: /system/bin/sync_agent ztex1609523
2. To check which device your /system dir has mounted, use the command: mount. There should be a print out like below, note the device name underlined in red:


3. Remount the system partition as RW with command: mount –o remount,rw /your/device/name /system.
4. Remove the backdoor from the system with command: rm /system/bin/sync_agent.
5. Terminate the backdoor with ctrl+c.

Granted, the instructions aren't of much use to users who don't know how to go about implementing them - and that is most users - but are nonetheless welcome as ZTE is dragging its feet on this.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //