App on several OnePlus devices grants backdoor root access

App on several OnePlus devices grants backdoor root access

Alderson said that he would publish an app soon to allow users to simply gain root access to their devices. While the root backdoor hasn't been verified in other devices yet, reports from Twitter indicate the APK was also found in Asus and Xiaomi devices. This app is used at the factory to test various functions of the device. It's not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.

The application is called "EngineerMode" and was developed by Qualcomm for factory testing.

In this app, the developer has found activity known as "DiagEnabled", if enabled with a specific password, grants the root access.

This app is a system app made by @Qualcomm and customised by @OnePlus.

AC-130 Gunship Simulator screenshot apparently proves the U.S. works with ISIS
The Russian Defense Ministry on Tuesday accused the USA -led coalition of interfering with the Russian air force to protect retreating Islamic State (IS) militants.

You can also check if this application is installed on your OnePlus device or not.

On devices with the application present, an attacker could use the easily crackable password to hijack the device and execute malicious code. It should be a simple matter of just removing the APK in an update, but this will certainly put a damper on the launch of the OnePlus 5T, which comes out this week.

OnePlus co-founder Carl Pei has acknowledged the issue, and insisted that the company is looking into it. "Thanks for the heads up, we're looking into it", Pei said on Twitter. The company already drew criticism earlier this year over its onerous data collection practices, in which the company sucked up sensitive data from user devices and transmitted that information with each device's serial number attached.

For owners of OnePlus devices who are curious to learn if the Engineer Mode app is installed on their device, it is possible to find the app by going to Settings, opening the Apps menu, tapping Menu, and Show System apps.

Related Articles