OnePlus accused of leaving a backdoor to give root access

Postado Novembro 14, 2017

Mere days ahead of the OnePlus 5T launch and OnePlus has been accused of inadvertent installing a backdoor into its phones which hackers could exploit to seize control of affected phones.

OnePlus has still to fully recover from the data collection allegations it faced last month, and now fresh allegations have surfaced over user privacy.

Root access was still hidden behind a password, but once that was cracked, that developer was able to obtain root access on the phone. Now, another potential threat has arisen on OnePlus devices as an app on several of the company's phones has been revealed to carry root access.

Dubbed "EngineerMode" the tool has been designed as an easy way for phone makers to test the hardware on their devices.

The application is called "EngineerMode" and was developed by Qualcomm for factory testing.

OnePlus users can find the app pre-installed by going into Settings Apps Menu Show System Apps and search for EngineerMode in the app list. The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device. It is alarming how easily someone can get access to your smartphones in this day and age. The user can access manual tests like root status test, Global Positioning System test or the main activity by sending a command.

The main risk is that affected phones can be rooted without needing access to a bootloader which is a security problem if a person's OnePlus phone falls into nefarious hands. The developer claims that the company has left behind the software intentionally, and he will come out with the application for rooting OnePlus devices without unlocking. OnePlus co-founder Car Pei tweeted that the company will look into the claims made by the developer.

"Thanks for the heads up, we're looking into it", Pei tweeted. At the time, OnePlus stated that the whole objective of collecting data was to improve the service.