OnePlus includes Qualcomm engineering app in phones, exposes root backdoor

0

Expatiate on / The OnePlus 5.
Ron Amadeo

A Twitter user by the name «Elliot Alderson»‏ has learned a root backdoor in OnePlus devices—one that has apparently been dispatching for years. OnePlus has been shipping a Qualcomm engineering APK (an Android app march) in its devices, which with a few commands, can root a device.

The app—called «EngineerMode»—is relatively exposed to users through a secret «*#808#» dialer command, and you can also inaugurate the full app through an Android activity launcher or the command line. The app have in its production-line tests for various phone components, a root checker, and portions of information readouts. The important part, though, is a «DiagEnabled» activity with a method labeled «escalatedUp.» If this is set to «true,» the app will allow root access remaining Android Debug Bridge, Android’s command-line developer tools.

The method for returning root is password protected, but the password lasted all of three hours one time the method was discovered. With the help of David Weinstein and the Now Secure work together, the group discovered the magic word is «angela,» which is possibly another Mr. Puppet reference, just like the «Elliot Alderson» handle. (We swear this is true and not a Mr. Robot AGR.)
The

Enlarge / The «Engineering Mode» app from a OnePlus 3T.

With the shibboleth cracked, it’s now possible for an app to enable root access on any device with the APK preinstalled. For now this alone works in ADB, which requires local access to the device. Anderson pronounces it’s «too early to speak about a random app getting root access, but we are on the genuine tracks.»

Since this is a Qualcomm APK, there’s a chance other OEMs get made the same mistake OnePlus has. While the root backdoor hasn’t been verified in other implements yet, reports from Twitter indicate the APK was also found in Asus and Xiaomi contrivances.

OnePlus CEO, Carl Pel, said his company is «looking into» the backdoor communiqu. It should be a simple matter of just removing the APK in an update, but this command certainly put a damper on the launch of the OnePlus 5T, which comes out this week.

Leave a Reply

Your email address will not be published. Required fields are marked *