ZTE acknowledged that a backdoor exists on their Android phone ScoreM after security research firm CrowdStrike discovered the vulnerability. A backdoor basically a secret login system created by the programmer to access the root of a system but it is highly unusual for a mobile phone or a communication device to have it especially created by company who made it.
According to Alperovitch of CrowdStrike, ZTE used this backdoor to update the firmware of their device instead of Over-the Air “OTA” standard update for some carrier. This is a security risk considering that the password to access the system is readily available online and this violates personal privacy of the owner.
The US congress also allowed the search of any ZTE and Huawei technologies in all their U.S. nuclear-weapons complex and in Australia another chinese company Huawei Technologies was also denied the participation of this Chinese communication company in the bidding for the US$38-billion National Broadband Network (NBN) due to cyber security concerns.
“ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,” ZTE said in an emailed statement. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.”