OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

OnePlus 3T

OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

It was unveiled that the app potentially renders all OnePlus devices open to backdoor root access. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones.

A developer recently discovered that an app installed on OnePlus devices (OnePlus 3, 3T, 5 according to Android Police) called "EngineerMode". "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests.

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.

TJX's same-store sales flat in hurricane-hit third quarter
The stock of TJX Companies Inc (NYSE:TJX) earned "Buy" rating by RBC Capital Markets on Monday, October 30. Telsey Advisory Group maintained the stock with "Market Perform" rating in Wednesday, November 16 report.

Buffalo Wild Wings: Analysts Assess the Other Kind of Takeout
The restaurant operator reported $1.36 earnings per share (EPS) for the quarter, beating the consensus estimate of $0.79 by $0.57. As of the end of the quarter Davidson Investment Advisors had bought a total of 50,606 shares growing its holdings by 37,485.9%.

Locker rooms robbed in Bank of Baroda in a dramatic style
The bank, incidentally, had not installed CCTV cameras in the locker room to protect the customer's privacy. This shop housing private lockers rented out to people for safe keeping of valuable and documents.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".

Not long ago, researchers found out OnePlus phones were collecting data without informing the users. Of course, expecting the developers to unlock the bootloader for each device during its testing phases would be ridiculous, but its inclusion does pose security risks for everyday users. The app is normally hidden until you tell Android to show system apps, so you might not notice it unless you went looking for it. If it was overlooked, it is likely the upcoming 5T would have it also, which would necessitate removing the app before the device ships on November 16.

Latest News