3 Comments

Summary:

A security hole was found in the ZTE Score, a handset model sold on both by Metro PCS and Cricket in the U.S. The breach appears to be a “backdoor” put in by ZTE, which is already under U.S. scrutiny as a China-based company.

chinese-spy

A security hole was found in the ZTE Score, a handset model sold on both by Metro PCS and Cricket in the U.S. On Friday, ZTE confirmed the issue exists, says Reuters, and is working to close what some are calling a “backdoor” method of access to the Google Android handset. The problem is one of bad timing for ZTE, which has been under scrutiny for some time by the U.S. government because the company is based in China.

I’ve said for more than a year that ZTE — and Huawei, for that matter — are two Chinese companies that are soon to be a household name in the U.S. Unfortunately, this type of security issue isn’t what I meant. ZTE is one of the largest network hardware manufacturers in the world and recently announced a strategy to challenge for the top smartphone spot as well. In the past year, according to Gartner, ZTE has moved from fifth to fourth in worldwide mobile phone sales and is now closing in on Apple.

What’s particularly concerning here is the type of security breach. If the hole is a “backdoor” by the traditional definition, it means that ZTE actively created the entry point, which can be accessed through a single password for control of the phone. It suggests that Android — which is no stranger to malware and security issues — isn’t the problem, but that ZTE itself manufactured it.

And given the prior concerns that a Chinese company could be using phones and other consumer technology to gather information unbeknownst to a user, this issue may fan the fires of mistrust.

Perhaps this is much ado about nothing and simply an issue of poor timing and coincidence. But it could give consumers and carriers pause before buying or using a ZTE-built phone or tablet in the U.S. What do you think: Potential national security issue or something we really shouldn’t worry too much about? Have it in our poll!

Thumbnail image courtesy of TRDefence

You’re subscribed! If you like, you can update your settings

  1. “ZTE is one of the largest network hardware manufacturers in the world” and has been caught putting a backdoor in their phones? And it all comes out of a place where we have no idea what is going on? And anybody wonders if there are security risks?

    A few years ago, a Silicon Valley consortium hired a couple of Chinese administrators from their customs department to serve as consultants on China’s implementation of restriction of hazardous substances regulations. These people had previously administrated these regulations. But when you tried to pin them down, they admitted that the substances, limits and enforcement was entirely capricious and dependent on political maneuvering.

    Now, everyone is going for commodity server hardware using design elements pilfered from US companies dumb enough to send grunt design work over there. And people act surprised that this hardware has hooks and backdoors to skim intelligence from? Who needs sexy Russian spies when you can just route all communications though a box you built?

    1. What phones aren’t made in some fashion in China. My iPhone is “assembled” in China.

      1. Kevin C. Tofel Think Sunday, May 20, 2012

        Very true, but I’d like to think that no backdoor hacks are able to get added via the iOS flashing process. I doubt Apple gives the iOS source to a manufacturer, for example. Its more likely that is simply provides the ROM install.

Comments have been disabled for this post