OnePlus left a backdoor in its devices capable of root access

Share

OnePlus was in a bit of hot water earlier this month for collecting user data through OxygenOS and sending it back to the company, a practice it has since stopped.

Some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which reportedly acts as a backdoor, giving people root access without the need for unlocking the phone.

According to one developer named as Elliot Alderson, OnePlus has an application called as "EngineerMode", which is basically used to check whether the unit is working properly or not in the factory. It is provided to OEMs by Qualcomm engineers to allow them to test their devices.

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed". It is alarming how easily someone can get access to your smartphones in this day and age. Worse, the security software in the smartphone will fail to diagnose any such issue if the "superuser" has installed some high-tech malware in the system, notes First Post.

Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.

Root implies to the highest degree of access to an Android operating system that is usually deployed to safeguard the privacy of the user.

The main risk is that affected phones can be rooted without needing access to a bootloader which is a security problem if a person's OnePlus phone falls into nefarious hands. OnePlus co-founder Car Pei tweeted that the company will look into the claims made by the developer.

Will it affect OnePlus 5T sales? Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.

Share