OnePlus Security Troubles Mount As Root Access Backdoor Discovered In Preinstalled App

OnePlus 5 Security

While that was deliberate, the company is again in the news for another problem with its devices, where a preloaded app can allow users to root their devices through a backdoor, without unlocking the bootloader. With the help of a few cybersecurity experts, the required password was discovered, making rooting a OnePlus phone as easy as running a few commands.

He was able to find a system app named EngineerMode that is actually a Qualcomm factory app with the ability to toggle components such as the charging chip, GPS, NFC and others - as this app shouldn't be included in consumer-side ROMs, it's a target app that malicious actors will want to crack into.

The app and the subsequent backdoor access was discovered by Twitter user Elliott Alderson (a reference to the Mr. Robot character), who then went into a lot of detail about how to gain root access to the device. A developer has found an application that can be manipulated into to granting a backdoor root access. With root access, an attacker could change just about anything about the device's software. It has been found on the OnePlus 5, as well as the OnePlus 3 and 3T. However, carrying out such an attack would require physical access to the device-the hacker would need to have the smartphone in hand to hijack Engineer Mode and start doing damage.

This app is a system app made by @Qualcomm and customised by @OnePlus. The company recently admitted to collecting personal information of users without their permission.

Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. Once the app was decompiled, a password was still needed for the app so that it would give root access to devices.

OnePlus did not immediately respond to a request for comment.



Otras noticias