OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

Adjust Comment Print

While the exposed diagnostics app itself is a security risk, the real danger is that another exploit or malicious app could be used in combination with the toolkit to both achieve root access and then install further malware on a targeted device.

He further claims that the company has intentionally left the backdoor on their devices. It's used by the operator in the factory to test the devices. If you have a OnePlus phone, you may be interested - and a little disturbed - to learn that the company is preinstalling an app that acts as a backdoor to root access.

An application called EngineerMode was found on OnePlus devices (as well as other devices from different manufacturers).

The developer, with the help of few cybersecurity experts, was able to discover the password and was able to root a OnePlus device with few commands.

The backdoor is provided through an application called Engineer Mode that ships pre-installed on the devices.

Contracted Soviet-derived spaceplane Dream Chaser makes successful glide test
It's an important milestone in the Dream Chaser's development, as Sierra Nevada readies the plane for spaceflight. Sierra Nevada filed a protest, but the government's General Accounting Office upheld the decision.

In this app, the developer has found activity known as "DiagEnabled", if enabled with a specific password, grants the root access. The staff member reassured users by saying that third-party apps can't gain full root privileges from EngineerMode. The application is present in all OnePlus devices including 3, 3T and 5.

OnePlus has acknowledged the issue, and company founder Carl Pei said it is being investigated.

Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. The fact that it is preinstalled on handsets is something of a concern, and OnePlus is yet to respond to questions about the app and its potential for exploit.

The application in question is EngineerMode, in which its objective is to test Qualcomm processors easily.

Comments