OnePlus left a backdoor in Oxygen OS that hackers could exploit

Alfred Osborne
November 14, 2017

OnePlus has still to fully recover from the data collection allegations it faced last month, and now fresh allegations have surfaced over user privacy.

OnePlus is catching heat from its customers yet again, this time for the discovery of a pre-installed application found on several of its handsets that could allow an attacker to gain root access. According to a Twitter user Elliot Alderson, some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which acts as a backdoor, giving people root access without the need for unlocking the phone. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. The application is present in all OnePlus devices including 3, 3T and 5. "There's an activity - dubbed 'DiagEnabled" - associated with this app, which if launched with the correct password will give you the root access.

The app's primary objective is to test the phones during manufacturing and make sure the device is working correctly, but the app isn't then wiped from the phone. The user can access manual tests like root status test, Global Positioning System test or the main activity by sending a command. It is alarming how easily someone can get access to your smartphones in this day and age. Worse, the security software in the smartphone will fail to diagnose any such issue if the "superuser" has installed some high-tech malware in the system, notes First Post. That should be great news for those Android savvy users who want to root their devices.

Top 10 healthy food items that regulate blood sugar
Why does blood sugar matter? In people diagnosed with diabetes, their pancreas doesn't produce any insulin, or not enough insulin. In spite of the fact that so many USA citizens have type 2 diabetes, there are still alarming misconceptions about the condition.

Warriors vs. Magic, Monday night
After Monday's game, the Warriors fly to Boston to face the red-hot Celtics in a nationally televised game Thursday. After West corralled a rebound, he and Speights exchanged words and had to be separated by officials.

Amazon sells AWS cloud assets in China amid tightening regulation
Amazon was a late entrant to the Chinese cloud market which is dominated by local players like AliCloud and China Telecom. Legal reasons appear to be the reason that Amazon is offloading the business.

Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.

For its part, OnePlus has confirmed that the company is looking into the claims made by the developer.

Will it affect OnePlus 5T sales? But the team proved it can be done without a whole lot effort, which in turn leaves a lot of OnePlus devices vulnerable.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER