A few months ago, OnePlus was caught collecting detailed analytics of personal data from the phone owners, which the company later reversed. Well, another discovery pops in the software of OnePlus phones, where the company has been accused to install a backdoor into its phone, which hackers can easily exploit and also take control of the affected phones.
ALSO READ: OnePlus Is Rolling Out OxygenOS 4.5.14 Update For OnePlus 5!
OnePlus Backdoor In OxygenOS
The Cybersecurity bug and a Twitter user ‘Elliot Alderson’ spotted a backdoor in OnePlus’ OxygenOS, which according to XDA Developers, is a diagnostic testing tool supplied by Qualcomm. Dubbed as ‘EngineerMode’ the tool paves the way for phone makes to test the hardware on their device.
<Thread> Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…
This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6— Elliot Alderson (@fs0c131y) November 13, 2017
But, the downside is that this very hardware testing tool could exploit by hackers to gain root access to a device, apparently a backdoor access to the phone and in extreme condition, hackers can also take over the phone. The application is installed on the OnePlus 3, 3T and OnePlus 5. It is even included on OxygenOS for the OnePlus One (not the original CynogenOS ROM).
ALSO READ: EXCLUSIVE: Leak Confirms OnePlus 5T Pricing To Remain Same, Starting At Rs 32,999!
Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.
For the latest tech news, follow TechDipper on Twitter, Facebook, Google+ and subscribe to our YouTube channel.
Leave a Reply