ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.
The hole affects ZTE’s Score model that runs on Google Inc’s Android operating system and was described by one researcher as “highly unusual.”
“I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.
ZTE and fellow Chinese telecommunications equipment manufacturer, Huawei Technologies Co Ltd, have been stymied in their attempts to expand in the United States over concerns they are linked to the Chinese government, though both companies have denied this.
Editor’s Note: This article, sadly, is no surprise. The real problem will begin when the backdoors are put into hardware, that is, the chips themselves. This backdoor was in code. Granted it was code that was delivered with the phone, so some folks may consider it “hardware,” but the fact is was software meant it could be found. The hardware Trojan backdoors will not be found nearly so easily–and this one likely wasn’t easy. The phones are already out there. So, they are issuing a software “patch” to fix. Do you really trust the company who put the backdoor in, in the first place, to be able to fix the problem?