OnePlus Installed An App On Their Phones That Offers A Backdoor For Root Access.

DroidModderX

Super Moderator
Staff member
Premium Member
Joined
Oct 6, 2011
Messages
5,782
Reaction score
2,132
oneplus-5-soft-gold-3-jpg.78058

The OnePlus lineup of devices may have just become the easiest phones out there to root thanks to an app that OnePlus installed on devices that offers a back door for root access to be enabled. This news will make some OnePlus 5T buyers less than confident about their decision to buy when the device is launched in a few days. The app in question is "EngineeringMode". This app is meant to allow OnePlus to check the that everything is working properly. The app is able to perform automated tasks such as check for root, check on GPS chip status, and much more.

The troubling part of all this is that the EngineeringMode apk when launched allows for root access with a simple ADB command and a password. Their is currently a developer working on a one click root method who has access to that password. This backdoor is less troublesome when you consider the would be hacker looking to gain root access to your device would need to have possession of your device in order to launch the command. Of course if you download apps from third party sources those apps may be able to access certain areas of your phone and use this backdoor to gain root access so that is a bit scary.

Apparently the app was developed by Qualcomm and is used in other OEM devices like the Asus Zenfone, Xiaomi Redmi 3S and at least one other device running MIUI. OnePlus CEO Carl Pei has already stated that the company is looking into this. It is likely that we will see a new update which will patch this backdoor. I'm all for easy root methods, but not at the expense of security. Hopefully OnePlus will have a fix for this ASAP.

via Phandroid
 

Attachments

  • oneplus-5-soft-gold-3.jpg
    oneplus-5-soft-gold-3.jpg
    54.6 KB · Views: 1,907

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
19,959
Reaction score
15,651
Location
Tennessee
Current Phone Model
Pixel 6
Security vulnerabilities are always a scary concern, but at least in this case it sounds like the perpetrator would need physical access to the phone to cause any harm. Or the user installed a very bad app from a bad source. Hopefully One+ fixes this, but doesn't sound too awfully scary right now.

Sent from my XT1650 using Tapatalk
 

me just sayin

Diamond Member
Joined
Jun 7, 2017
Messages
5,039
Reaction score
4,460
Location
35.7051° N, 89.9695° W
Current Phone Model
Note 8
another backdoor???

The app in question is called OnePlusLogKit and it’s a system-level application that can dump your wifi logs, NFC logs, and even your GPS logs...

What’s most egregious about this is that the app dumps these files to the phone’s SD card for easy pickup. By entering *#800# on the phone’s dialpad, you can enable OnePlusLogKit

Second logging app discovered on OnePlus devices
 
Top