ZTE Confirms Backdoor Vulnerability in Android Devices

Tuesday, May 22, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Chinese telecom and mobile device manufacturer ZTE has confirmed the presence of a backdoor vulnerability in the ZTE Score M smartphones distributed in the U.S.

The vulnerability could allow an attacker to remotely gain control over the device, and the password located in the /system/bin/sync_agent that accesses the backdoor has been published in the wild.

According to a report in The Register, "ZTE's Score M ships with an application featuring a hardcoded password that gives the user, or software running on the device, administrator-level access. Running the program with the password spawns a root shell prompt on the Linux-powered mobes, allowing the phone to be completely taken over."

It is rumored that the vulnerability exists in the company's Skate smartphones as well, but ZTE has denied that Skate's are at risk. ZTE is currently working on a patch to be distributed that will eliminate the potential exposure for their customers.

ZTE was one of several Chinese firms being investigated by the House Intelligence Committee in a continuing probe into telecom firms suspected of aiding the Chinese government in spying activities and concerns regarding their relationship to the People's Liberation Army (PLA).

Committee Chairman Mike Rogers had initiated the probe last fall after a preliminary inquiry into Chinese espionage operations subsequently determined the need for further investigation into threats aimed at the U.S. technology supply chain, critical infrastructure, and proprietary information.

Central to the investigation is concerns over the potential presence of backdoors in hardware manufactured in China which could allow for data exfiltration on a large scale.

Lapses in security that exist in the global electronics supply chain could be used by foreign entities like China to introduce widespread vulnerabilities, as was discussed in the U.S.-China Economic and Security Review Commission report released late last year.

Aside from threats to consumers and businesses, the pre-infected devices could be employed in systems governing critical infrastructure assets or in government networks, making the supply chain vulnerabilities a serious threat to national security.

The DHS and the Department of Defense have already established a task force to further examine the issue. One significant challenge is determining if a vulnerability was merely due to poor quality control, or if the presence of a vulnerability was intentional in nature.

The White House Cyber Policy Review, released in 2011, warned that "the emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions."

The report went on to recommend that "a broad, holistic approach to risk management is required rather than a wholesale condemnation of foreign products and services. The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover. Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities."

Possibly Related Articles:
5700
PDAs/Smart Phones
China Vulnerabilities Mobile Devices Hardware Headlines Espionage Supply Chain backdoor ZTE
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.