{"id":12887,"date":"2012-05-18T12:41:29","date_gmt":"2012-05-18T10:41:29","guid":{"rendered":"http:\/\/businesstech.co.za\/news\/?p=12887"},"modified":"2012-05-18T13:34:18","modified_gmt":"2012-05-18T11:34:18","slug":"zte-confirms-phone-security-hole","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/mobile\/12887\/zte-confirms-phone-security-hole\/","title":{"rendered":"ZTE confirms phone security hole"},"content":{"rendered":"<p><a title=\"ZTE Corp.\" href=\"http:\/\/businesstech.co.za\/forum\/showthread.php\/1676-ZTE-Corporation\">ZTE Corp<\/a>, the world&#8217;s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.<\/p>\n<p>The hole affects ZTE&#8217;s Score model that runs on Google Inc&#8217;s Android operating system and was described by one researcher as &#8220;highly unusual.&#8221;<\/p>\n<p>&#8220;I&#8217;ve never seen it before,&#8221; said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.<\/p>\n<p>ZTE and fellow Chinese telecommunications equipment manufacturer, <a title=\"Huawei Technologies Co Ltd\" href=\"http:\/\/businesstech.co.za\/forum\/showthread.php\/1651-Huawei-Technologies\">Huawei Technologies Co Ltd<\/a>, have been stymied in their attempts to expand in the United States over concerns they are linked to the Chinese government, though both companies have denied this.<\/p>\n<p>Most such concerns have centered on the fear of backdoors or other security vulnerabilities in telecommunications infrastructure equipment rather than in consumer devices.<\/p>\n<p>Last month a U.S. congressional panel singled out Huawei and ZTE by approving a measure designed to search and clear the U.S. nuclear-weapons complex of any technology produced by the two companies.<\/p>\n<p>Reports of the ZTE vulnerability first surfaced this week in an anonymous posting on the code-sharing website, pastebin.com. Others have since alleged that other ZTE models, including the Skate, also contain the vulnerability. The password is readily available online.<\/p>\n<p>ZTE said it had confirmed the vulnerability on the Score phone, but denied it affected other models.<\/p>\n<p>&#8220;ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,&#8221; ZTE said in an emailed statement. &#8220;We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.&#8221;<\/p>\n<p>Alperovitch said his team had researched the vulnerability and found that the backdoor was deliberate because it was being used as a way for ZTE to update the phone&#8217;s software. It is a question, he said, of whether the purpose was malicious or just sloppy programming.<\/p>\n<p>&#8220;It could very well be that they&#8217;re not very good developers or they could be doing this for nefarious purposes,&#8221; he said.<\/p>\n<p>While security researchers have highlighted security holes in <a title=\"Android Mobile Oerating System\" href=\"http:\/\/businesstech.co.za\/forum\/showthread.php\/1754-Android\">Android<\/a> and other mobile operating systems, it is rare to find a vulnerability apparently inserted by the hardware manufacturer.<\/p>\n<p>&#8220;I have never seen this before. There are rumors about backdoors in Chinese equipment floating around,&#8221; Alperovitch said. &#8220;That&#8217;s why it&#8217;s so shocking to see it blatantly on a device.&#8221;<\/p>\n<p>A Google spokesman declined to comment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ZTE Corp, the world&#8217;s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.<\/p>\n","protected":false},"author":7,"featured_media":2947,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[25,847,375,2859,705],"class_list":["post-12887","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mobile","tag-active","tag-hack","tag-security","tag-vulnerability","tag-zte"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/12887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=12887"}],"version-history":[{"count":4,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/12887\/revisions"}],"predecessor-version":[{"id":12893,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/12887\/revisions\/12893"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/2947"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=12887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=12887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=12887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}