OnePlus backdoor means hackers could take over your phone

OnePlus Left Behind a Testing App on Its Devices With Backdoor to Root Access Report

OnePlus accused of leaving a backdoor to give root access

OnePlus, an electronics manufacturer based in China, has reportedly been shipping its line of popular smartphones with a hidden backdoor that could allow a hacker to hijack the device relatively effortlessly. It's used by the operator in the factory to test the devices. It's been discovered that a testing app has been left on many OnePlus devices, creating a backdoor that bypasses the need to unlock the bootloader to get root-level access.

The app, called EngineerMode, is not normally seen unless you ask to see the device's system apps.

Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.

Chevrolet Corvette ZR1 is Coming and, Dear God, So Much Power!
Both of the rear wings are attached to the car's chassis - something Chevrolet claims will increase strength and stability. A 7-speed manual gearbox is standard, with the new 8-speed automatic an option.

Change will be a Constant in Star Wars Battlefront II
"As one example, today we're making a substantial change based on what we've seen during the Play First trial", executive producer John Wasilczyk wrote .

Hate Crimes Increased by 4.6 Percent in 2016
In a statement addressing the report Monday, the Anti-Defamation League focused on the overall increase in reported hate crimes. Of those crimes previous year , 25 were motivated by race, two by religion, and 12 by sexual orientation.

The backdoor is provided through an application called Engineer Mode that ships pre-installed on the devices. The staff member reassured users by saying that third-party apps can't gain full root privileges from EngineerMode. It has been found on the OnePlus 5, as well as the OnePlus 3 and 3T.

Entering the password into the EngineerMode app provides permanent root access to the Android Debug Bridge process. Check the name of native library used to check the code: door...

While the vulnerability allows attackers to use the EngineerMode app to fully compromise devices, a mitigating factor is that local access to devices is needed - no remote exploit is available. OnePlus has been alerted to the exploit and CEO Carl Pei has confirmed that the company is looking into it. It should be a simple matter of just removing the APK in an update, but this will certainly put a damper on the launch of the OnePlus 5T, which comes out this week. The company already drew criticism earlier this year over its onerous data collection practices, in which the company sucked up sensitive data from user devices and transmitted that information with each device's serial number attached.

Latest News