I suspect that roughly 10% of backdoors are discovered. If this is the case then I wonder to what extent backdoors hide in our computing devices. RMS deserves more credit and I think he will be remembered fifty years from now when our lives are even more controlled by computers.
I don't know whether I'm more suspicious of ZTE, the carrier, the Chinese government or the US government. I don't really know how to process that thought.
A while back the Indian govt barred its state telecom carrier (BSNL) from sourcing equipment from Huawei over similar concerns. I thought they were paranoid at the time. Looks like they had a valid point.
That's no guarantee for anything. It's already out in the open that Huawei has close ties to the Chinese government and military. The point OP is trying to make is that Chinese telecom cannot be trusted as the Chinese government is actively indulging in systematic deployment of espionage frameworks on this level - by infiltration through business.
If you think about it, every law is a threat of violence. If you're not prepared to use violence, or at least force to some degree, to enforce it, you merely have a strong suggestion. Even if you just start off with handcuffs, if they escalate, you have to escalate, or let them go.
I think this is a useful heuristic for deciding whether something should be legislated: "is this worth using violence over?"
Do you know why corporations do what courts say (pay damages, clean up oil spills, etc.)? Because inside their scaly, corporate armor, they're made of squishy people.
Is there trusted hardware a company could buy that is completely open-source, including hardware design and checks, so white-hats could identify any mishaps with it?
They're not open-source hardware in that sense. What they publish is a 19-page PDF of schematics of how the components are put together [1] -- and even that has redactions due to NDAs (like page 14 -- they say they have a "super NDA" with the GSM chip provider that bans them from even publishing the datasheet!) The components themselves (like the Samsung SoC and the GSM chip) are completely closed.
"Open" in that they show you how they put together the black boxes. "Closed" because it's all made up of black boxes.
Even then, trusting trust is not really all that undetectable in a world of different compilers and different hardware. Or, perhaps more accurately, the power of the adversary has to increase by a lot to maintain the illusion of non-infection.
As skeptical as I am of government in general, and perhaps the Chinese one in particular, I find it very hard to believe they would put a suid root binary with a password in the flash... What would be the point of that?
Now if it was some daemon that set up a listening socket and linked to some APIs, ready to let an unidentified external party hook into the phonebook, or something like that, then I'd be screaming government, bloody government! :)
People who care about this privacy issue usually don't use ZTE. No offense, but ZTE aims at the entry-level consumers, most of whom don't know what root is and only buy ZTE for the low price.
Besides, in China, there is way more to be worried about than this non-issue. You know it...
I don't understand why there is so much xenophobia about this exploit. A government backdoor would be far more capable and sophisticated than this. Occam's razor applies here: an suid debug binary was left in the production image by accident.
It's such a security fail... So big that I doubt it's true. Without any proof, explanation... has anybody been able to reproduce it?
If it's true, it would be a great opportunity to see how Google/ZTE reacts to this vulnerability. How much time will ZTE take to correct this and issue an update? And also, will Google be able to stop applications that exploit this vulnerability from going public in the Market? I sincerely doubt it.
By fixing it, I assume they mean removing this backdoor and putting in a new one? If they remove it altogether, there's not much reason to have it there in the first place.
Does the reason for the backdoor really have to be to allow malicious remote access (hence requiring a replacement backdoor)?
I highly doubt, considering the obvious nature and simplicity of the binary, that clandestine remote access (i.e. by the Chinese government or other such tinfoil hat theories) was the idea.
Especially given the name of the binary, I suspect some ZTE engineer was tasked with writing a desktop or mobile sync application that they decided needed root access for some reason. Said engineer then made a major mistake and decided a non-unique plaintext secret stored in the binary was adequate security. This happens all the time - see the recent RuggedCom "backdoor" fiasco [0]. It's happened at places I've worked, too, and it's not exactly new in the industry as a whole.
An engineer was uninformed or ignored security best practices and wrote code with a vulnerability. The vulnerability will be patched out. It's a big deal and it sucks (why were all setuid binaries not audited, at least to the level that basic oversights like this one would be noticed?), but at least in my mind it's not some kind of secret government control backdoor conspiracy - it's just a horrible bug.
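The audit of setuid binaries that the comment above asks about can be automated against an unpacked system image. This is an added example, not code from any participant in the thread or from ZTE; the file names, the allowlist and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def find_setuid(root, allowlist=frozenset()):
    """Return image-relative paths of setuid regular files not in the allowlist."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the image
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID:
                continue
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in allowlist:
                findings.append(rel)
    return sorted(findings)

def build_sample_image(root):
    """Constructed tree standing in for an unpacked production image."""
    layout = {
        "system/bin/ping": 0o4755,         # reviewed setuid helper (allowlisted)
        "system/bin/sh": 0o0755,           # ordinary binary, no setuid bit
        "system/bin/vendor_sync": 0o4755,  # hypothetical leftover vendor tool
        "system/xbin/debugtool": 0o4755,   # hypothetical leftover debug tool
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary\n")
        os.chmod(path, mode)
    return root

def demo():
    """Audit the constructed image against a one-entry reviewed baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        return find_setuid(tmp, allowlist={"/system/bin/ping"})

if __name__ == "__main__":
    for path in demo():
        print("unexpected setuid binary:", path)
```

Run as a release gate, any path returned that is not in the reviewed baseline blocks the image until someone has inspected the binary.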
I understand that, but I meant it more in a philosophical way. The backdoor is not a bug (it's hard for me to imagine that the backdoor was included by accident), so you can't fix it. You can only remove it.
Also, it's not a vulnerability either (from ZTE's point of view). It's a feature.