Just over a calendar month afterward OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone companionship has been constitute leaving a backdoor on near all OnePlus handsets.
H5N1 Twitter user, who goes yesteryear the cite "Elliot Anderson" (named afterward Mr. Robot's principal character), discovered a backdoor (an exploit) inwards all OnePlus devices running OxygenOS that could permit anyone to obtain root access to the devices.
The application inwards inquiry is "EngineerMode," a diagnostic testing application made yesteryear Qualcomm for device manufacturers to easily exam all hardware components of the device.
This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, too the newly-launched OnePlus 5. We tin give notice confirm its existence on the OnePlus 2, 3 too 5.
You tin give notice every bit good banking company jibe if this application is installed on your OnePlus device or not. For this, merely become to settings, opened upwards apps, enable demonstrate organization apps from top correct corner carte du jour (three dots) too search for EngineerMode.APK inwards the list.
If it's there, anyone amongst physical access to your device tin give notice exploit EngineerMode to arrive at root access on your smartphone.
EngineerMode has been designed to diagnose issues amongst GPS, banking company jibe the root condition of the device, perform a serial of automated 'production line' tests, too many more.
After decompiling the EngineerMod APK, the Twitter user constitute 'DiagEnabled' activity, which if opened amongst a specific password (It is "Angela", constitute afterward contrary engineering) allows users to arrive at amount root access on the smartphone—without fifty-fifty unlocking the bootloader.
Although the direct a opportunity of this application already beingness exploited inwards the wild is likely low, it seems to move a serious safety describe of piece of job concern for OnePlus users every bit root access tin give notice move achieved yesteryear anyone using a unproblematic command.
Moreover, amongst root access inwards hands, an aggressor tin give notice perform lots of unsafe tasks on victim's OnePlus phone, including stealthy installing sophisticated spying malware, which is hard to honor or remove.
Meanwhile, inwards guild to protect themselves too their devices, OnePlus owners tin give notice merely disable root on their phones. To produce so, run next dominance on ADB shell:
"setprop persist.sys.adb.engineermode 0" too "setprop persist.sys.adbroot 0" or telephone telephone code *#8011#In reply to this issue, OnePlus co-founder Carl Pei said that the companionship is looking into the matter.
The Twitter user has promised to liberate a one-click rooting app for OnePlus devices using this exploit. We volition update the article every bit shortly every bit it is available.
Share This :
comment 0 Comments
more_vert