OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

OnePlus left a backdoor in its devices capable of root access

OnePlus accused of leaving a backdoor to give root access

It was unveiled that the app potentially renders all OnePlus devices open to backdoor root access. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones.

A developer recently discovered that an app installed on OnePlus devices (OnePlus 3, 3T, 5 according to Android Police) called "EngineerMode". "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests.

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.

IEA says hopes of higher, stable oil prices could be dashed quickly
OPEC says that "The global economic growth dynamic has continued its broad-based and relatively strong momentum", OPEC said. That will keep prices down and help make the United States a net exporter of oil - in addition to gas - by the late 2020s.

Locker rooms robbed in Bank of Baroda in a dramatic style
The bank, incidentally, had not installed CCTV cameras in the locker room to protect the customer's privacy. This shop housing private lockers rented out to people for safe keeping of valuable and documents.

FDA approves first 'trackable' pill Abilify
Abilify MyCite was developed by Otsuka Pharmaceutical Co. and the sensor was created by Proteus Digital Health. Web-based dashboards are provided to healthcare providers and caregivers to view a summary of the information.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".

Not long ago, researchers found out OnePlus phones were collecting data without informing the users. Of course, expecting the developers to unlock the bootloader for each device during its testing phases would be ridiculous, but its inclusion does pose security risks for everyday users. The app is normally hidden until you tell Android to show system apps, so you might not notice it unless you went looking for it. If it was overlooked, it is likely the upcoming 5T would have it also, which would necessitate removing the app before the device ships on November 16.

Latest News