One of the biggest concerns with buying from smaller brands that many often overlook is security. Earlier this year BLU was revealed to have some serious security concerns, and even OnePlus has had issues revealed. Now, another potential threat has arisen on OnePlus devices as an app on several of the company’s phones has been revealed to carry root access.
A developer recently discovered that an app installed on OnePlus devices (OnePlus 3, 3T, 5 according to Android Police) called “EngineerMode.” This app is used by OnePlus to ensure that a device is working properly before it leaves the factory. However, it also holds a backdoor which is capable of root access, even if the device has not been unlocked.
Root access was still hidden behind a password, but once that was cracked, that developer was able to obtain root access on the phone. That developer has plans to release an app which exploits this method as a way to give OnePlus users the easiest root method of all time, but don’t expect that to last long.
So yes, if you send the command: adb shell am start -n https://t.co/yYfeX14Ioj.engineeringmode/.qualcomm.DiagEnabled –es "code" "password" with the correct code you can become root!
— Elliot Alderson (@fs0c131y) November 13, 2017
This exploit is just that, an exploit in the phone’s security. While the risk is low since enabling root requires ADB, it still poses a threat to users. OnePlus has been alerted to the exploit and CEO Carl Pei has confirmed that the company is looking into it. Hopefully, that ends with an update that removes the app.
Thanks for the heads up, we're looking into it.
— Carl Pei (@getpeid) November 13, 2017
Check out 9to5Google on YouTube for more news:
FTC: We use income earning auto affiliate links. More.