OnePlus backdoor means hackers could take over your phone

OnePlus Left Behind a Testing App on Its Devices With Backdoor to Root Access Report

A potentially risky backdoor in multiple OnePlus devices has been just unearthed by a knowing developer, revealing a hidden app that can be potentially used to gain root access and take control over the device. They are able to gain root if they have a password to bypass privilege escalation checks.

Some digging into the deep system apps on OnePlus phones has resulted in the exposure of the vulnerability that OnePlus devices possess. However, it can be exploited to enable backdoor rooting.

According to one developer named as Elliot Alderson, OnePlus has an application called as "EngineerMode", which is basically used to check whether the unit is working properly or not in the factory. However, it also holds a backdoor which is capable of root access, even if the device has not been unlocked. Furthermore, there was a hint to an "AngelaRoot" mode embedded in the APK itself. It is actually a modified version of a testing application created by Qualcomm. But on the other hand, we do hope that OnePlus patches this as well, because it is provides a legitimate backdoor to OnePlus 3, 3T, and OnePlus 5 devices.

On devices with the application present, an attacker could use the easily crackable password to hijack the device and execute malicious code. The company recently admitted to collecting personal information of users without their permission. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. From there, just search for Engineer Mode to see if it is installed.

The discoverer of the app had a problem.

We've also reached out to OnePlus for comment.



Other news