Two mobile phones developed by Chinese device manufacturer ZTE have been found to carry a hidden backdoor, which can be used to instantly gain root access via a password that has been hard-coded into the software.
Android devices typically ship with the user unable to run commands as the 'root user', in order to protect customers from any inadvertent damage they could cause, and to reduce the chance of rogue applications taking complete control of the device. However, following an anonymous post to Pastebin on Thursday, security researcher Dmitri Alperovitch confirmed on Monday that ZTE has installed an application on the Score M and the Skate mobile phones that makes rooting these phones simple.
The post on Pastebin said: "There is a setuid-root [set user ID upon execution] application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell."
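A backdoor of the kind the Pastebin post describes depends on a setuid-root file being present on the system partition, so a firmware audit can surface it by listing every setuid binary and comparing the list against what is expected. The following is an added example, not code from the article or from ZTE: it assumes the image has been unpacked to a directory, and every file name other than `/system/bin/sync_agent`, along with the allowlist, is constructed for illustration.

```python
import os
import stat
import tempfile


def find_setuid(image_root, owner_uid=0, allowlist=frozenset()):
    """Return sorted image-relative paths of setuid regular files that are
    owned by owner_uid and do not appear in the allowlist."""
    findings = []
    for dirpath, _dirs, files in os.walk(image_root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the image
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            rel = "/" + os.path.relpath(full, image_root).replace(os.sep, "/")
            if rel not in allowlist:
                findings.append(rel)
    return sorted(findings)


def build_sample_image(root):
    """Constructed sample tree standing in for an unpacked system image."""
    bindir = os.path.join(root, "system", "bin")
    os.makedirs(bindir)
    samples = (("sync_agent", 0o4755),       # path named in the Pastebin post
               ("expected_helper", 0o4750),  # hypothetical allowlisted binary
               ("ls", 0o755))                # ordinary binary, no setuid bit
    for name, mode in samples:
        path = os.path.join(bindir, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder\n")
        os.chmod(path, mode)


def demo(allowlist=("/system/bin/expected_helper",)):
    # Assumption: sample files are owned by the current user, so that uid is
    # passed in; on a real unpacked image keep the default owner_uid=0 (root).
    with tempfile.TemporaryDirectory() as root:
        build_sample_image(root)
        return find_setuid(root, owner_uid=os.getuid(), allowlist=set(allowlist))


if __name__ == "__main__":
    for path in demo():
        print("unexpected setuid binary:", path)
```

Ownership and mode bits only survive unpacking if the extraction tool preserves them, so run the audit against a tree extracted with metadata intact.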