ZTE Score ships with major security flaw

ZTE, best known for being one of the biggest mobile phone manufacturers in China, recently launched the Score in the United States. Well, it looks like the company isn’t getting off to a very good start. It just confirmed a security hole in the device that could potentially allow others to remotely control it.

The so-called backdoor was being used by ZTE to update the phone’s software. It seems this vulnerability is the result of careless programming. “I have never seen this before,” said Dmitri Alperovitch, co-founder of security startup CrowdStrike. “There are rumors about backdoors in Chinese equipment floating around. That’s why it’s so shocking to see it blatantly on a device.”

The ZTE Score is available through carriers MetroPCS and Cricket, both of which are only small regional carriers. ZTE was able to dodge the bullet for this reason — had the Score been available on a larger mobile provider like AT&T or Verizon, the company would have a much bigger mess to clean up.

“ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,” a representative for ZTE said. ”We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.” The vendor also confirmed that the vulnerability only affects the Score and not any of its other handsets.

It looks like ZTE’s plan to double smartphone shipments after expanding to the United States isn’t taking off just yet after this incident. Better luck next time with those upcoming Windows Phone devices.

[via Reuters]