ZTE warns of security vulnerability in Score Android phone
ZTE has confirmed that its Android-powered Score smartphone is vulnerable to a backdoor security hole enabling anyone with the device's hardwired password to access its root directory, allowing cyberattackers to add, remove or copy data. The password is readily available online, Reuters reports.
ZTE's Score Android
"ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future," ZTE said. "We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices." The ZTE Score is available from U.S. operator MetroPCS (NYSE:PCS); sources indicate other ZTE devices, including the Skate smartphone, may also contain the vulnerability.
Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told Reuters that the security flaw is "highly unusual," adding "I've never seen it before." Alperovitch said CrowdStrike research indicates backdoor was deliberately installed by ZTE as a means to update the Score's software. "It could very well be that they're not very good developers or they could be doing this for nefarious purposes," Alperovitch said.
ZTE and fellow Chinese manufacturer Huawei have struggled to expand their business into the U.S. market in the face of concerns they are linked to the Chinese government. Both firms have denied the claims.
Android malware increased 155 percent between 2010 and 2011, according to a report issued last week by networking manufacturer Juniper Networks. Juniper reports that 18 percent of users have very little confidence in mobile technology, with another 63 percent unable to decide if they can trust mobile device security. Despite consumer concern, the report found that 76 percent of users access sensitive financial or medical information on their devices.
- read this Reuters article
Special Report: Security breaches in mobile: The worst of 2011-2012 (so far)
Report: Android malware increased 155% y-o-y
Lookout teams with Deutsche Telekom on mobile security push
Report: Facebook security flaw endangers iOS and Android users
Rovio warns against Android malware in fake versions of 'Angry Birds'
Report: Android Market plagued by malware threats