转自:http://www.landofdroid.com/2012/security-zte-phones-root-backdoor/

It’s appearing that a root backdoor has appeared in ZTE phones, allowing full root to devices. It simply provides a root shell using a hard-coded password. This is serious news for any hackers, as this command can cause major damage to phones.

Here is the information, should you wish to have a go: 

The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in the United States on MetroPCS, made by Chinese telecom ZTE Corporation.

There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device.  Just give the magic, hard-coded password to get a root shell:

$ sync_agent ztex1609523
# id
uid=0(root) gid=0(root)

Nice backdoor, ZTE.

It is confirmed on these devices:

If you have tested and got this to work for your devices, tell us in the comments or on any social networks.

We should know more when ZTE makes an announcement as to why this was included.

Source via Justin Case

留言评论(旧系统):

koohik @ 2012-05-14 16:24:46

核总,你翻译一下呗,俺们菜菜英文不怎么的好,看不懂~~

本站回复:

谷歌翻译。 ╮(╯_╰)╭

【匿名者】 @ 2012-05-14 16:46:26

中兴比较给力,欧美用的挺多。天朝想干欧美啊。

本站回复:

╮(╯_╰)╭

小一 @ 2012-05-14 18:28:54

核总,求个90sec的邀请码啊,QQ消息给你都不鸟我。。。

本站回复:

没有权限获取邀请码 ╮(╯_╰)╭

koohik @ 2012-05-15 08:53:23

核总,请教一个问题,使用cain嗅探目标服务器,过了一会目标服务器挂掉,自己控制的服务器也挂掉,是什么情况?听说控制发包数量就可以了,这个是如何操作呢?百度也没有什么合适的答案,请教一下,呵呵

本站回复:

首先发包的速度不会导致目标挂掉,挂掉也分多种情况,最多的一种是转发数据不成功,Cain是双向欺骗的,而如果其中一方没有欺骗成功,那么是无法转发数据的,而且另外一方会掉线。这个原因比较多,具体要看实际情况。

晴天小铸 @ 2012-05-15 18:26:00

引想国外 严重~!!!! 中兴安卓手机通杀啊 $ sync_agent ztex1609523 会安卓编程的写个病毒程序去国外那里,网络僵尸又来了 ( ⊙ o ⊙ )!

本站回复:

手机僵尸网络  ╮(╯_╰)╭