OnePlus Installed An App On Their Phones That Offers A Backdoor For Root Access.

Discussion in 'Android News' started by DroidModderX, Nov 14, 2017.

  1. DroidModderX

    DroidModderX Super Moderator
    Staff Member Premium Member

    Joined:
    Oct 6, 2011
    Messages:
    5,690
    Likes Received:
    2,116
    Trophy Points:
    478
    Ratings:
    +2,235
    [​IMG]

    The OnePlus lineup of devices may have just become the easiest phones out there to root thanks to an app that OnePlus installed on devices that offers a back door for root access to be enabled. This news will make some OnePlus 5T buyers less than confident about their decision to buy when the device is launched in a few days. The app in question is "EngineeringMode". This app is meant to allow OnePlus to check the that everything is working properly. The app is able to perform automated tasks such as check for root, check on GPS chip status, and much more.

    The troubling part of all this is that the EngineeringMode apk when launched allows for root access with a simple ADB command and a password. Their is currently a developer working on a one click root method who has access to that password. This backdoor is less troublesome when you consider the would be hacker looking to gain root access to your device would need to have possession of your device in order to launch the command. Of course if you download apps from third party sources those apps may be able to access certain areas of your phone and use this backdoor to gain root access so that is a bit scary.

    Apparently the app was developed by Qualcomm and is used in other OEM devices like the Asus Zenfone, Xiaomi Redmi 3S and at least one other device running MIUI. OnePlus CEO Carl Pei has already stated that the company is looking into this. It is likely that we will see a new update which will patch this backdoor. I'm all for easy root methods, but not at the expense of security. Hopefully OnePlus will have a fix for this ASAP.

    via Phandroid
     

    Attached Files:

  2. Sajo

    Sajo Diamond Member

    Joined:
    Jan 25, 2013
    Messages:
    11,346
    Likes Received:
    7,089
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +7,599
    Current Phone Model:
    Moto Droid Z Force
    Security vulnerabilities are always a scary concern, but at least in this case it sounds like the perpetrator would need physical access to the phone to cause any harm. Or the user installed a very bad app from a bad source. Hopefully One+ fixes this, but doesn't sound too awfully scary right now.

    Sent from my XT1650 using Tapatalk
     
  3. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,296
    Likes Received:
    945
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,018
    Current Phone Model:
    Note 8
    easy root would be fun to have but only with strict security. wonder how soon they will fix this.
     
  4. bkdodger

    bkdodger Super Moderator
    Staff Member

    Joined:
    Dec 13, 2011
    Messages:
    7,677
    Likes Received:
    4,014
    Trophy Points:
    1,563
    Location:
    Staten Island, New York
    Ratings:
    +4,296
    Current Phone Model:
    Nexus 6
    Remove system app should do the trick

    Pixel 2 XL
     
  5. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,296
    Likes Received:
    945
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,018
    Current Phone Model:
    Note 8
    another backdoor???

    Second logging app discovered on OnePlus devices
     
Search tags for this page

azs