OnePlus was recently in hot waters when it was found collecting personally identifiable information for analytics. Now, a new report has surfaced online which could create trouble for the company ahead of its new smartphone launch.
A Twitter user, who goes by the name “Elliot Anderson” (named after the lead character of Mr Robot TV show) has discovered that OnePlus accidentally left in place a diagnostic testing application. He further added that the application can be exploited in order to grant root access which could effectively act as a backdoor.
The mobile application in question is a system app that was made by Qualcomm and customized by OnePlus. Named as EngineerMode, the application is provided by Qualcomm to OEMs for easily testing all hardware components of the device.
Named as “EngineerMode”, the application comes pre-installed on OnePlus devices, including the OnePlus 5, 3T and 3. It is used to run system tests for GPS, vibration, screen brightness, as well as for checking root access and performing a series of automated tests.
When the twitter user decompiled the application, he found that by launching the ‘DiagEnabled’ activity found in the APK with a specified password, the device could actually be rooted. One of the system property allows the user to run ADB as root which enables the user to acquire full root access on the phone without unlocking the bootloader.
The ‘DiagEnabled’ is a Qualcomm made activity so there is a possibility that other Qualcomm devices could possibly be affected by this. To check if your device has EngineerMode installed, go to Settings -> Apps -> Menu -> Show system apps and search for “EngineerMode” in the list.
This appears to be a massive security issue as hackers may find ways to use it to gain access to OnePlus handsets. The developer has said that he plans to release an app for rooting OnePlus devices soon.
Read More: OnePlus CEO Releases Camera Sample Teasing The OP5T’s Amazing Low-Light Performance
Meanwhile, in response to this, Carl Pei, CEO of the company, said that they are looking into the matter. This security issues comes into light just days before the company is set to launch its upcoming smartphone — OnePlus 5T in New York.
(Source)
