OnePlus pre-installed a factory app that allows Root access

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn1

Elliot Anderson (mobile security researcher) has found a pre-installed factory app in all OnePlus devices running OxygenOS that could enable anyone to gain root access to the devices.

OnePlus devices (most of them) come preinstalled with an app called EngineerMode that can be used to root the device and may be turned into a completely-fledged backdoor by smart attackers.

EngineerMode is a diagnostic testing app created by Qualcomm for device manufacturers to quickly test all hardware elements of the device. It can make a series of intrusive hardware diagnosis tests, but can also check for root status, diagnose the GPS function, and more.

According to the researcher:
“Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…
This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices.”

 

The researcher said that anyone with physical access to a device can run the following command to root the device:
adb shell am start -n com.android .engineeringmode/.qualcomm.DiagEnabled –es “CODE” “PASSWORD”

, where CODE = code and PASSWORD = angela

Anyone can check if this app is installed on the OnePlus device or not by going to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the apps list.

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn1

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply