The Chinese company ZTE is gaining market share in the entry-level smartphone segment. However, a major security flaw in some of its models is likely to bring it some bad publicity. The back door is in the ROM of some Android-based smartphone models.
Originally identified on the Score M model, a smartphone aimed at North American markets, the security vulnerability consists of a command that can be called with a password (identical on all models), giving root access to the hacker... in other words, your mobile phone is his mobile phone.
The vulnerability has now been identified in a second ZTE smartphone, the ZTE Skate, distributed in Europe under different names: Orange Monte Carlo, SFR Staraddict...
While ZTE has acknowledged the problem and promised to work on a solution, no date has been given for a fix. Let's hope it comes fast, as one would not want to imagine the damage if a hacker managed to distribute an application that makes use of this security hole.
A small reminder for owners of jailbroken iPhones: jailbreaking also opens a security hole, as it gives access to a root user with a predefined password ("alpine"), so remember to change this password, especially if you install an OpenSSH package for remote access.
