OnePlus Backdoor Can Allow Hackers To Gain Root Access

[rgMekanic]

It has been discovered that several models of OnePlus smartphones were inadvertently left with a Qualcomm diagnostic tool called EngineerMode inside it's smartphones. The application was made to provide manufacturers like OnePlus a tool to test all the components of their devices. Robert Baptiste, a freelance security researcher who discovered the mistake, claimed that the app could also provide root access to the devices through the right password.

As a Oneplus owner, I can't say I'm really worried. If you read the response from OnePlus, USB Debugging must be enabled, and the attacker would need physical access to the phone. With physical access to hardware nearly anything can be done to any device. The article also mentions that "EngineerMode" has been found on ASUS and Xiaomi devices as well, however there have been no official statements from them.

OnePlus responded to the reports by saying that the problem is not as bad as people were saying. The company claimed that while EngineerMode can grant root privileges, it will not allow third-party apps to gain such access. In addition, gaining root access is only possible if users have activated USB debugging, and hackers will need to have physical access to the target device.

 

[Master_shake_]

so someone needs to have the phone to hack it?

that's not so bad.

 

[Spidey329]

That's how my Samsung S7 has root, through an engineer bootloader. So this doesn't surprise me.

 

[gxp500]

The topic should be changed to "Easy root from the factory for OnePlus owners" i wish every phone had a root toggle.

 

[Pieter3dnow]

I has been discovered that several models of OnePlus smartphones were inadvertently left with a Qualcomm diagnostic tool called EngineerMode inside it's smartphones. The application was made to provide manufacturers like OnePlus a tool to test all the components of their devices. Robert Baptiste, a freelance security researcher who discovered the mistake, claimed that the app could also provide root access to the devices through the right password.

As a Oneplus owner, I can't say I'm really worried. If you read the response from OnePlus, USB Debugging must be enabled, and the attacker would need physical access to the phone. With physical access to hardware nearly anything can be done to any device. The article also mentions that "EngineerMode" has been found on ASUS and Xiaomi devices as well, however there have been no official statements from them.

OnePlus responded to the reports by saying that the problem is not as bad as people were saying. The company claimed that while EngineerMode can grant root privileges, it will not allow third-party apps to gain such access. In addition, gaining root access is only possible if users have activated USB debugging, and hackers will need to have physical access to the target device.

T missing there

 

[krotch]

They should have an engineering mode for all phones. Give a default password, then provide the ability to change password. I'd kill to have easy root access to my phone.

 

[DocFaustus]

So if the cops take your phone they are guaranteed a way to circumvent your security and get into your phone?

 

[Wrecked Em]

Sounds like a feature to me. I had to wait a year before buying my phone of choice until it became rootable, then it took me another 3 hours to root it. I'd pay a premium for a pre rooted modern phone.