OnePlus pre-installed a factory app that allows root access

Elliot Anderson (mobile security researcher) has found a pre-installed factory app in all OnePlus devices running OxygenOS that could enable anyone to gain root access to the devices.

OnePlus devices (most of them) come preinstalled with an app called EngineerMode that can be used to root the device and may be turned into a fully fledged backdoor by smart attackers.

EngineerMode is a diagnostic testing app created by Qualcomm for device manufacturers to quickly test all hardware elements of the device. It can run a series of intrusive hardware diagnostic tests, and can also check for root status, diagnose the GPS function, and more.

According to the researcher:
“Hey @OnePlus! I don’t think this EngineerMode APK must be in a user build…
This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices.”

The researcher said that anyone with physical access to a device can run the following command to root the device:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "CODE" "PASSWORD"

where CODE = code and PASSWORD = angela

Anyone can check whether this app is installed on a OnePlus device by going to Settings, opening Apps, enabling "Show system apps" from the top-right menu (three dots), and searching for EngineerMode.APK in the apps list.
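The same check can be scripted over adb when several devices need auditing. The script below is an added example, not part of the original article; it assumes the package name that appears in the command quoted above and the `package:<apk path>=<package name>` line format of `pm list packages -s -f`, and its sample listing is constructed.

```shell
#!/bin/sh
# Package name as it appears in the adb command quoted in the article.
TARGET_PKG="com.android.engineeringmode"

# Reads `pm list packages -s -f` output on stdin and prints
# "<package> <apk path>" for an exact match on TARGET_PKG.
# Exit status: 0 = package present, 1 = absent.
find_factory_pkg() {
    awk -v want="$TARGET_PKG" '
        /^package:/ {
            sub(/\r$/, "")               # adb output may end lines with CRLF
            line = substr($0, 9)         # drop the "package:" prefix
            i = match(line, /=[^=]*$/)   # name follows the LAST "=" (paths may contain "=")
            if (i == 0) next
            name = substr(line, i + 1)
            path = substr(line, 1, i - 1)
            # Exact comparison, so a longer name sharing the prefix is not reported.
            if (name == want) { print name, path; found = 1 }
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample listing; the paths are illustrative, not from a real device.
sample_listing() {
    printf '%s\r\n' \
        'package:/system/app/EngineerMode/EngineerMode.apk=com.android.engineeringmode' \
        'package:/system/priv-app/Settings/Settings.apk=com.android.settings'
}

# Live use: check every device that `adb devices` lists in the "device" state.
audit_attached_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the serial list on stdin.
        if hit=$(adb -s "$serial" shell pm list packages -s -f </dev/null | find_factory_pkg); then
            echo "$serial: PRESENT $hit"
        else
            echo "$serial: not found"
        fi
    done
}

if [ "${1:-}" = "--live" ]; then
    audit_attached_devices
fi
```

Run it with `--live` and USB debugging authorised to audit attached devices; without arguments it only defines the functions.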

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
