OnePlus has left an app on its devices that could compromise security

OnePlus has left an app on its devices that could compromise security

According to mobile security researcher Robert Baptiste-otherwise known by the pseudonym Elliot Alderson, a reference to the main character in the television series "Mr. Robot"-smartphones from OnePlus have for years contained a hidden backdoor that would allow root access to the device".

With the password cracked, it's now possible for an app to enable root access on any device with the APK preinstalled.

He further claims that the company has intentionally left the backdoor on their devices.

If hackers wanted to get into your phone, they would need physical access to it, so if you have any OnePlus devices, just keep it away from any of your playful tech-savvy friends until the app is officially removed.

A developer managed to use this very app to root the device by figuring out the password used to gain root access.

Qualcomm will reportedly reject Broadcom's offer
Those concerns all came together to make Qualcomm's answer to Broadcom a big fat no, so now the ball is back in Broadcom's court. Qualcomm delivers chips to carrier networks to provide broadband and mobile data.

Unfortunately, it seems someone at OnePlus forgot to remove or disable the package before kicking the handsets out to the general public, and as a result multiple users now have access to what is effectively a back door in their Android phones. The developer further added that he will publish an application for rooting OnePlus devices without unlocking. It is actually a modified version of a testing application created by Qualcomm.

Enlarge / The "Engineering Mode" app from a OnePlus 3T. Check the name of native library used to check the code: door...

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".

He was able to find a system app named EngineerMode that is actually a Qualcomm factory app with the ability to toggle components such as the charging chip, GPS, NFC and others - as this app shouldn't be included in consumer-side ROMs, it's a target app that malicious actors will want to crack into.

The discoverer of the app had a problem.

Related Articles