Flaw can give root to any app, as long as the password is right.
The Pastebin post referred to the ZTE Score M on MetroPCS in the United States. It runs the Android 2.3.4 (Gingerbread) operating system.
There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device.
According to AndroidAuthority, the ZTE Skate, sold by Orange in the UK, is also affected. ZTE has reportedly confirmed the problem and is said to be working on a fix for it.
XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, suggest that ZTE engineers likely left this enabled accidentally on the affected handsets before they shipped.
There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device.
Just give the magic, hard-coded password to get a root shell:
$ sync_agent ztex1609523
# id
uid=0(root) gid=0(root)
Nice backdoor, ZTE.
According to AndroidAuthority, the ZTE Skate, sold by Orange in the UK, is also affected. ZTE has reportedly confirmed the problem and is said to be working on a fix for it.
XDA Recognized Developer shabbypenguin and XDA Elite Recognized Developer jcase, suggest that ZTE engineers likely left this enabled accidentally on the affected handsets before they shipped.
Tags:
ZTE