OnePlus phones include an easily exploitable backdoor


A developer has found a way to gain root access to a OnePlus device by exploiting an app designed for factory testing. The developer, who uses the name Elliot Alderson on Twitter (after the Mr Robot TV show lead), posted a series tweets yesterday outlining the steps taken to achieve the privileges.

The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it’s called EngineerMode and arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searching Settings > Apps > Menu > Show system apps, and then search “EngineerMode” in the app list). It’s used to run system tests for things like GPS, vibration, screen brightness, and also root checking.

EngineerMode has been known about for a while, but the risks it presents weren’t known until after Alderson did some digging. The developer discovered a password-protected backdoor within the app’s code, which he was able to work around to gain root access — a big enough problem to begin with for OnePlus in terms of security. But that was before some smart folks chimed in having discovered the actual password (it’s Angela, which, coincidentally, is also likely a Mr Robot reference).

This means root access can be achieved using just one command line — giving hackers the potential to cause harm without much work. It’s not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.

This nonetheless raises questions over why is the device shipping with this app (presumably it has just been overlooked) and whether it’s available on other Qualcomm devices.

Alderson said that he would publish an app soon to allow users to simply gain root access to their devices. Meanwhile, OnePlus co-founder Carl Pei has already announced that OnePlus is investigating the issue.

We’ve also we’ve reached out to OnePlus and will update this story when we receive comment.



Source link