OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

OnePlus 5 Security

OnePlus Phone Backdoor: Devices Shipped With Factory App That Can Root Devices

It was unveiled that the app potentially renders all OnePlus devices open to backdoor root access. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones.

A developer recently discovered that an app installed on OnePlus devices (OnePlus 3, 3T, 5 according to Android Police) called "EngineerMode". "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests.

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.

'We Will Do This Together': Walmart Cashier Helps Flustered Customer
Once the man left with his purchases, Bowlin said she thanked the cashier for being patient with him. His voice and hands were shaking and he looked back and said, "I'm so sorry", according to Bowlin.

Dallas County assistant DA fired for behavior toward Uber driver
She can't treat people like that just because I'm not a doctor or a lawyer or someone she hangs around. "Just take me home, dude". He says she refused to respond to follow-up questions on where to drive, became "increasingly angry" and hurled insults.

Russian Federation accuses USA of not attacking Daesh in Syria town
The Kremlin denied that Putin had shown the wrong footage to the American director Oliver Stone during one of a series of interviews.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".

Not long ago, researchers found out OnePlus phones were collecting data without informing the users. Of course, expecting the developers to unlock the bootloader for each device during its testing phases would be ridiculous, but its inclusion does pose security risks for everyday users. The app is normally hidden until you tell Android to show system apps, so you might not notice it unless you went looking for it. If it was overlooked, it is likely the upcoming 5T would have it also, which would necessitate removing the app before the device ships on November 16.

Latest News