OnePlus accused of leaving a backdoor to give root access

Share

According to one developer named as Elliot Alderson, OnePlus has an application called as "EngineerMode", which is basically used to check whether the unit is working properly or not in the factory. If it was overlooked, it is likely the upcoming 5T would have it also, which would necessitate removing the app before the device ships on November 16.

He plans to release an app for rooting OnePlus devices sometime today, and we'll update the post when it is released.

The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more.

OnePlus is catching heat from its customers yet again, this time for the discovery of a pre-installed application found on several of its handsets that could allow an attacker to gain root access.

OnePlus has recently accused of collecting a vast amount of sensitive private data from users' smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access.

Getting root access to a smartphone allows a hacker to access "superuser" mode, making it extremely easy to inject malware with surveillance capabilities. The user can access manual tests like root status test, Global Positioning System test or the main activity by sending a command.

Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.

The inclusion of the app appears to be an oversight on the part of OnePlus, and company founder Carl Pei said the team is looking into it.

The code for the app is digitally signed and contains a password with weak encryption that is easily discernible, security vendor NowSecure found. Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.

Share