OnePlus phones have a backdoor that can be used to gain root access


Update: See the official response from OnePlus about the security vulnerability at the end of the post.

Earlier (Nov 14): Just days ahead of OnePlus’s big smartphone announcement, a major security vulnerability has been discovered in several of the company’s smartphones. The vulnerability can be harnessed by a malicious party to effectively take control of your phone.

In a Twitter thread, a user going by the screen name “Elliot Anderson” revealed that he/she has discovered an app called EngineerMode in the OnePlus 2, 3, 3T, and 5 smartphones. EngineerMode is developed by Qualcomm for Snapdragon-powered devices to help manufacturers test whether all components are working properly.

The app offers access to a number of tests and commands, including the ability to erase all data.

This is not all. The ‘DiagEnabled’ activity in the app, when used with the right commands and a password, leads to root access. What is even worse is that the password can be extracted from the device’s own files. The NowSecure team was able to find this password (which is Angela), and the Twitter user Elliot applied it to successfully gain admin privileges.

Whatever OnePlus’s reasoning for keeping EngineerMode on consumer units, it is a serious vulnerability. Company CEO Carl Pei has tweeted that he is investigating the matter. The app will most likely be removed in a future software update, but the incident shows how young companies like OnePlus need to get it together, or they might end up hurting millions of consumers who trust them to provide a safe device.

This is the second instance of a security issue with OnePlus devices in the last two months. Last month, the company was found collecting personally identifiable data from users’ smartphones.

How to check if EngineerMode is present on your phone?

You can also check if this application is installed on your device by going to Settings > Apps > Show system apps (from the top-right menu). The instance of EngineerMode found in OnePlus devices has been customised by OnePlus, so even though the app might be present on smartphones from other manufacturers, the severity of this backdoor will vary.

I have EngineerMode on my phone, what can I do right now?

Disable developer options if active and disable the Engineermode app. This is the best you can do right now until OnePlus provides a fix.
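The check and the mitigation above can also be verified from command output rather than the Settings UI. The following is an added example, not code from the original post or from OnePlus: it parses `pm list packages` and `settings get global` output and reports any EngineerMode-like system app that is still enabled, plus the state of USB debugging and developer options. The article gives no package id, so matching on the name fragment `engineer` is an assumption, and the sample package names are constructed.

```python
import subprocess

# Assumption: the article gives no package id, so match on the app's name.
NAME_HINT = "engineer"

# Constructed sample output (not captured from a real device).
SAMPLE_SYSTEM = "package:com.android.settings\npackage:com.example.engineermode\n"
SAMPLE_DISABLED = "package:com.example.bloatware\n"

def parse_packages(pm_output):
    """Turn `pm list packages` output ('package:<id>' per line) into a set."""
    prefix = "package:"
    return {ln.strip()[len(prefix):] for ln in pm_output.splitlines()
            if ln.strip().startswith(prefix)}

def audit(pm_system, pm_disabled, adb_enabled, dev_enabled):
    """Report EngineerMode-like system apps and the two settings in question."""
    disabled = parse_packages(pm_disabled)
    hits = sorted(p for p in parse_packages(pm_system) if NAME_HINT in p.lower())
    return {
        "engineermode_packages": hits,
        "still_enabled": [p for p in hits if p not in disabled],
        "usb_debugging_on": adb_enabled.strip() == "1",
        "developer_options_on": dev_enabled.strip() == "1",
    }

def adb_shell(*args):
    """Run one command on the attached device; requires adb on PATH."""
    done = subprocess.run(["adb", "shell", *args],
                          capture_output=True, text=True, check=True)
    return done.stdout

def audit_device():
    """Collect live data. Over adb, USB debugging necessarily reads as on."""
    return audit(
        adb_shell("pm", "list", "packages", "-s"),   # system packages
        adb_shell("pm", "list", "packages", "-d"),   # disabled packages
        adb_shell("settings", "get", "global", "adb_enabled"),
        adb_shell("settings", "get", "global", "development_settings_enabled"),
    )

if __name__ == "__main__":
    print(audit(SAMPLE_SYSTEM, SAMPLE_DISABLED, "1\n", "1\n"))
```

A device is in the state the advice above aims for when `still_enabled` is empty and both settings report off; turn USB debugging back off after running `audit_device()`.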

I want to read the technical details of this vulnerability?

This thread by Elliot Anderson is the best place to get all the technical nitty-gritty about the EngineerMode debacle.

Update: Response from OnePlus

OnePlus has responded to the reports of the backdoor in the company’s smartphones. A company executive wrote in a forum post that it is true that EngineerMode can be used to gain root privileges, but that doing so requires physical access to the device. Also, USB Debugging, which is needed to run the commands that gain root access, is switched off by default on the phones. Still, in order to satisfy consumers, the company will remove the adb root function from the EngineerMode APK in an upcoming OTA update. Here is the company statement:

We’ve seen several statements by community developers that are worried because this (EngineerMode) apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.
