ZTE Confirmed that the Score M Has Security Issue
ZTE acknowledged the vulnerability that plagues one of its Android smartphone, the ZTE Score M. The phone currently available in the US and the vulnerability potentially allows malicious people to take over the device completely. The phone is currently available in the United States through MetroPCS for $99. The backdoor allows people with a hard-coded password to take over the control and worse; the password has been distributed by an anonymous poster on the Internet. ZTE told the media that it’s working on a fix and an OTA update should be released in the near future.
Analysts described the discovery of the backdoor as very unusual and they questioned why such vulnerability could be present in the first place. For many mobile security experts this is something that they’ve never seen before. They suspect that ZTE deliberately created the backdoor as a highly unorthodox way to push software updates. This may happen due to sheer incompetence of ZTE’s development team, as there are legitimate APIs developed for the same purpose without putting the phone at risk.