• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root [Boost Mobile] ZTE backdoor?

J

jremy23

Newbie
Apparently the ZTE skate and the score m, both have root shell backdoor access that can be exploited by malware and other malicious apps. I just wanted to ask if this is also on the warp?

Here's a link to the pastebin

And the reddit thread

Apparently its easy to fix, but I just want to make sure this isn't on my phone.
 
jremy23 said:
Apparently the ZTE skate and the score m, both have root shell backdoor access that can be exploited by malware and other malicious apps. I just wanted to ask if this is also on the warp?

Here's a link to the pastebin

And the reddit thread

Apparently its easy to fix, but I just want to make sure this isn't on my phone.
Click to expand...
Any .bat that roots your phone, ( which is basically using an exploit ), will sometimes in anti virus software show up as PuP/adware/malware...b/c technically we're exploiting linux by rooting the phone. I believe this is what your speaking of and it's not an issue to worry about.
 
No... there's a Backdoor that zte has in their phones that allows for anyone to achieve root through entering a password... which basically would make it even easier to exploit Linux and raises a few security concerns

Sent from my N860 using Tapatalk 2 Beta-5
 
jetx2x said:
No... there's a Backdoor that zte has in their phones that allows for anyone to achieve root through entering a password... which basically would make it even easier to exploit Linux and raises a few security concerns

Sent from my N860 using Tapatalk 2 Beta-5
Click to expand...
Was not aware of that, but theres ALWAYS a backdoor, even when you think your covered. ;\. (Studying for certified ethical hacker cert.)
 
I didn't either till I read the post... lol... it may or may not be on our warps but I don't know

Sent from my N860 using Tapatalk 2 Beta-5
 
Hey for all we know, Chev and Shin may be working together and they have keyloggers in both their roms, and split the profits on identity theft ;P, jkjk

sorry that was a stupid joke, both chev and shin are awesome guys dedicated and producing amazing work, thanks guys.
 
This kind of discussion just makes me angry, every device has some sort of backdoor whether its ' exposed ' or not, apple IOS most likely has something similar, if there were no backdoor's on devices whether mobile or non mobile, there would be no such thing as network security/migration. Unless your allowing a 3rd party app that is malicious to access this exploid/backdoor, there is no reason to give this topic the slighest amount of brain power. I won't waste a single neuron transmission even thinking about my phone and a possible " backdoor"

edit: because android os is linux based, and b/c of the whole " root " capability, ( root itself is considered an exploit ), this allows users to detect/display more of what is now being considered a ' backdoor ", hence before steve jobbs died his whole attack on android os security, apple ios most likely has similar exploits/backdoor but since users don't have access to their own exploit to be able to detect them, it is not in the ' news ' or forums or wherever.
 
I would look at it as something that should be fixed. From your point of view, I have the feeling your saying we shouldn't do anything and leave it? Sorry but i'd rather have security
 
N0ve this isn't the average exploit... all someone would have to do is input one simple universal password and have instant root access... and would be able manipulate your device in every way possible... yes I understand that exploits exist everywhere but this one is in plain sight and only requires a simple password and btw... most exploits are unintentional yet this one is obviously intentional... zte has some of the laziest engineers ever...:thumbdown::thumbdown::thumbdown::thumbdown:

Hit the thanks button if I helped you in any way please... :-)
 
Snake X said:
I would look at it as something that should be fixed. From your point of view, I have the feeling your saying we shouldn't do anything and leave it? Sorry but i'd rather have security
Click to expand...

Yes it should be fixed, im not saying it like that, but basically theres no need for all this " hype ", Im sure you would rather have security, i'd like security too...but even if you think your secure, I could have a keylogger on every single persons phone who installed my theme and they would never know about it, what it comes down to is what can you prove and what can you worry/not worry. If this is fixable, by all means you fix it, so will I, im just trying to express that something leaked, spread like wildfire, and for all we know it's really not exactly as described super simple way to gain root access to any zte warp. and regardless of how lazy the engineers are, theres no way it is intentional, no company in that value range would risk exposure/lawsuits/reputability, by intentionally leaving such an exploit. And bottom line is, every single one of you guys, including myself, opened up a can of worms full of vulnerability JUST by rooting our phones, point blank. So, my main point is just not to hype it up/worry about it...im all about a fix and security, just kinda getting my thoughts out there.
 
jetx2x said:
N0ve this isn't the average exploit... all someone would have to do is input one simple universal password and have instant root access... and would be able manipulate your device in every way possible... yes I understand that exploits exist everywhere but this one is in plain sight and only requires a simple password and btw... most exploits are unintentional yet this one is obviously intentional... zte has some of the laziest engineers ever...:thumbdown::thumbdown::thumbdown::thumbdown:

Hit the thanks button if I helped you in any way please... :-)
Click to expand...

I understand what your saying, but as i just replied to Snake, You, him, me, we ALL, exposed ourselves to thousands of vulnerabilities by ROOTING our phones to begin with, and i just don't think it needs to be hyped up, this whole possible exploit, You can thumbsdown all you want, but what I'd like to know is, prove to me that this is even real...show me something thats not a forum, or some guy making a youtube video, something that proves this is actually "simple universal password and have instant root access", regardless they would have to go through sprint pcs towers, theres a gateway list longer then this entire thread to connect right to a phone. I just doubt it thats all...show me some kind of proof, im open to links, and im in no way arguing, this is a healthy discussion, but even if this simple exploit did exist, do you realize how hard it would be for a random person to access your phone getting through sprint's routing table? and do you not think a huge company like sprint pcs has top of the line network security engineers ( field im studying to be in), that lookout for any SLIGHT possibility of anyone getting through...
 
Zte admitted to its existence... it hasn't been confirmed to be on the warp...
http://tinyurl.com/7yw8kyh

Why would you want the possibility of something malicious gaining root without your knowledge...? If it happened to you tommorow you would be pissed even though you said today that its no biggie....

Hit the thanks button if I helped you in any way please... :-)
 
jetx2x said:
Zte admitted to its existence... it hasn't been confirmed to be on the warp...
ZTE confirms the Score M has a backdoor, hopes to patch up soon - Engadget

Why would you want the possibility of something malicious gaining root without your knowledge...? If it happened to you tommorow you would be pissed even though you said today that its no biggie....

Hit the thanks button if I helped you in any way please... :-)
Click to expand...
Man all that article states is exactly what rooting a phone is in a generic way. Since we run " exploits " to root our phone, you can technically use the term " hacker ", idk Never said I wouldnt be pissed, I said i wouldnt worry about this at the moment. Also, thats Engadget , don't you think if this were more serious that a reputable national news company would be all over this?
 
The actual manufacturer ZTE has said that they acknowledge its existence and will have it patched... what more proof do you need? I'm pretty sure if a hacker did manage to f up all our phones with it that it would become important enough to become national news

Edit: it probably would be on every news channel if it was baked into android as a whole... but its only been on 2 phones from an extremely little known manufacturer

Hit the thanks button if I helped you in any way please... :-)
 
jetx2x said:
The actual manufacturer ZTE has said that they acknowledge its existence and will have it patched... what more proof do you need? I'm pretty sure if a hacker did manage to f up all our phones with it that it would become important enough to become national news

Edit: it probably would be on every news channel if it was baked into android as a whole... but its only been on 2 phones from an extremely little known manufacturer

Hit the thanks button if I helped you in any way please... :-)
Click to expand...
Alright, discussion ended, lol. Nothing else to say, good discussion though I like when people are able to express themselves without getting hostile. =)
 
holy crap, nove there doesnt have to be some remote access, just one app in the app store to check your build.prop for "compatible phones" (which wouldnt be hard... the market already filters...) and you can run this command via shell from within the app. by rooting you make your phone SAFER! why? because if i try to hijack a rooted phone the first thing that is gunna pop up is superuser asking if the user wants me to...

you want reputable? China's ZTE Ships Smartphone with Backdoor to MetroPCS (Updated) | SecurityWeek.Com and im sure you could prolly find a whole crapload more. i have yet myself confirmed if it is on teh warp but people in cm-dev say it is, so really if you wanna find out load up adb shell and give it a whirl.

many developers have recently scoured those files and found it was left in there intentionally, its not designed to be a backdoor but instead install apps, why zte chose to use a rotted agent instead of the proper methods supplied by google ive no idea.

bottom line, this is no danger to anyone on this forum. this was brought up because it is a MASSIVE security concern. especially since the other major chinese android OEM (Huawei) also recently had a security issue. dunno too much about it but it apparently was enough to spook the Australia government from ever using any of their products
 
the phone has a microphone, camera, and is connected to the internet all day long

so if you ever find naked pictures of your self on the internet, you know where they came from
 
You must log in or register to reply here.
Back
Top Bottom