OnePlus engineering APK exposes backdoor to root access ars_ab.settitle(1204221)

OnePlus accused of leaving a backdoor to give root access

Your OnePlus Device Is Prone To Hacking

Alderson said that he would publish an app soon to allow users to simply gain root access to their devices. Intended for internal use only by the company's engineering team to test if devices are working properly, the application has managed to remain on OnePlus devices that have been shipped to consumers-and may present a threat to their security.

On Tuesday, developer Elliot Alderson tweeted that OnePlus has left behind an app that can act as a backdoor to get root access to a device without unlocking it. It's not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.

OxygenOS 4.5.1 on the OnePlus 3 and version 4.5.14 on the OnePlus 5 come with the EngineerMode app installed.

Unfortunately, it seems someone at OnePlus forgot to remove or disable the package before kicking the handsets out to the general public, and as a result multiple users now have access to what is effectively a back door in their Android phones. It is actually a modified version of a testing application created by Qualcomm.

As the impending launch of the OnePlus 5T nears, the company has once again found itself the subject of controversy.


Enlarge / The "Engineering Mode" app from a OnePlus 3T.

Dubbed "EngineerMode" the tool has been designed as an easy way for phone makers to test the hardware on their devices.

Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. It is also possible to delete the app once it is discovered.

You can also check if this application is installed on your OnePlus device or not.

OnePlus did not immediately respond to a request for comment.

Latest News