Hacker claims to have found backdoor in software OnePlus
A hacker claims to have found a backdoor in the software of OnePlus phones. Thanks to that backdoor and a password, it is possible to gain root access. OnePlus says it is investigating the matter.
The backdoor is contained in a test application EngineerMode, which the manufacturer uses to test functions of devices. That app is included in builds of the firmware of the OnePlus 5, OnePlus 3T and 3, the three most recent devices from the Chinese manufacturer, among others. reports the hacker with the aliases Elliot Alderson and fs0c131y.
To gain root access to the devices, it is enough to run a script and have the password. The hacker did that in his demonstration via adb. The password is ‘angela’. EngineerMode is a OnePlus custom app originally from Qualcomm.
Simply gaining root access allows malware to bypass Android’s regular security. It is unknown if malicious people have already used this trick. OnePlus CEO Carl Pei says that OnePlus is looking into the possible security flaw.
Many hackers report vulnerabilities to companies and wait to publish until the manufacturer implements a patch, but fs0c131y has not done so and put its findings online. In addition, he plans to release a proof of concept that will allow users to get root on their device.
It is unknown whether only OnePlus devices are susceptible, or whether it also concerns phones from the much larger sister company Oppo. Users have also found a modified version of Qualcomm’s EngineerMode on Oppo phones in the past.