Hacker claims to have found backdoor in OnePlus software
A hacker claims to have found a backdoor in the software of OnePlus phones. Thanks to that backdoor and a password, it is possible to gain root access. OnePlus says it is investigating the matter.
The backdoor is in a test application EngineerMode, which the manufacturer uses to test device functions. That app is included in builds of the firmware of, among others, the OnePlus 5, OnePlus 3T and 3, the three most recent devices from the Chinese manufacturer. reports the hacker with the aliases Elliot Alderson and fs0c131y.
To gain root access to the devices, it is enough to run a script and have the password. The hacker did that in his demonstration via adb. The password is ‘angela’. EngineerMode is a OnePlus custom app originally from Qualcomm.
Simply gaining root access allows malware to bypass regular Android security. It is unknown whether malicious parties have already used this trick. OnePlus CEO Carl Pei say that OnePlus is looking at the possible vulnerability.
Many hackers report leaks to companies and wait for the manufacturer to patch a patch before publishing, but fs0c131y has not done so and has posted its findings online. Moreover, he plans to release a proof of concept, which will allow users to get root on their device.
It is unknown whether only devices from OnePlus are susceptible, or whether phones from the much larger sister company Oppo are also affected. Users have also encountered a modified version of Qualcomm’s EngineerMode on Oppo phones in the past.