App on several OnePlus devices grants backdoor root access

Share

The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it's called EngineerMode and arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searching Settings Apps Menu Show system apps, and then search "EngineerMode" in the app list).

This is not the first time that OnePlus has been accused of compromising privacy of its users.

If hackers wanted to get into your phone, they would need physical access to it, so if you have any OnePlus devices, just keep it away from any of your playful tech-savvy friends until the app is officially removed. However, Baptiste and researchers at security firm NowSecure were able to crack the password -which was "angela"-and gain access to the application". Hopefully, that ends with an update that removes the app. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests. The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device.

More news: Barbie Just Made History With Its Latest Empowering Doll
More news: Sweden shatter Italy's World Cup dream
More news: Lions rally past winless Browns 38-24 at Ford Field

OnePlus, an electronics manufacturer based in China, has reportedly been shipping its line of popular smartphones with a hidden backdoor that could allow a hacker to hijack the device relatively effortlessly. The developer further added that he will publish an application for rooting OnePlus devices without unlocking.

Thanks for the heads up, we're looking into it.

Will it affect OnePlus 5T sales? The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain).

Share