OnePlus left a backdoor in Oxygen OS that hackers could exploit

OnePlus left a backdoor in Oxygen OS that hackers could exploit

OnePlus left a backdoor in Oxygen OS that hackers could exploit

The app called "EngineerMode" was recently discovered - and it's supposed to function as a diagnostic app available for manufacturers to easily test hardware components of these devices.

This is not the first time that OnePlus has been accused of compromising privacy of its users.

Some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which reportedly acts as a backdoor, giving people root access without the need for unlocking the phone.

The application is called "EngineerMode" and was developed by Qualcomm for factory testing. It should be a simple matter of just removing the APK in an update, but this will certainly put a damper on the launch of the OnePlus 5T, which comes out this week. They are able to gain root if they have a password to bypass privilege escalation checks. It's used by the operator in the factory to test the devices. The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device.

While it appears OnePlus is responsible for leaving Engineer Mode on its devices, it is not directly responsible for the application itself or the backdoor it creates. It has been found on the OnePlus 5, as well as the OnePlus 3 and 3T.

What is worse, Baptiste and other researchers note that this effective backdoor might not just be limited to the OnePlus phones that initially exposed the package, but could affect a number of Qualcomm-equipped handsets. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests.

Thanks for the heads up, we're looking into it. OnePlus co-founder Car Pei tweeted that the company will look into the claims made by the developer. At the time, OnePlus stated that the whole goal of collecting data was to improve the service.

Related news

[an error occurred while processing the directive]