Chinese manufacturer ZTE has confirmed the Android-based Score M (MetroPCS, ) handset is susceptible to a backdoor security hole. Once enabled, the bad guys could gain root access and add, remove or copy data from the smartphone. Apparently the process starts with a hardwired device password which can be easily found online. If there’s an upside to the news it’s that the ZTE Score M is not a top-selling handset.
“ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,” ZTE said. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.”
The vulnerability was discovered by Dmitri Alperovitch of CrowdStrike and calls the flaw “highly unusual”. As he sees it, either this was a simple mistake cause by poor development or that it could be that it’s done for nefarious purposes. ZTE, alongside fellow Chinese manufacturer Huawei, have been tied to allegations of links to the government. Although each companies have denied said claims, this sort of vulnerability doesn’t help the image. Other ZTE models such as the Skate are said to possibly contain the security flaw.