OnePlus is going to remove backdoor from its phone’s software
OnePlus has made it known via a forum post from an employee that it will remove the ability to gain root access via adb from its phones software via an over-the-air update.
In the forum post, the employee states that OnePlus does not consider the possibility of obtaining root access via adb as a major security problem, but indicates that the manufacturer understands that users still have concerns, and that they therefore disable the option of root access via adb. to get the EngineerMode. The employee did not say when exactly this will happen.
The contributor confirms that EngineerMode allows root access via adb, but states that this does not allow other apps to gain root access and its privileges. He also points out that root access via adb is only accessible if usb debugging, which is disabled by default, is turned on. The employee also says that any form of root access is only possible if someone has physical access to the relevant OnePlus smartphone.
On Monday, a hacker claimed to have found a backdoor in the software of OnePlus phones. Thanks to that backdoor and a password, it is possible to gain root access. The backdoor is contained in the EngineerMode test application, which the manufacturer uses to test device functions. That app is included in builds of the firmware of, among others, the OnePlus 5, OnePlus 3T and 3, the three most recent devices from the Chinese manufacturer. reported the hacker with the aliases Elliot Alderson and fs0c131y.
To gain root access to the devices, it is enough to run a script and have the password. The hacker did that in his demonstration via adb. The password is ‘angela’. EngineerMode is a OnePlus custom app originally from Qualcomm. Simply gaining root access allows malware to bypass Android’s regular security. It is unknown if malicious people have already used this trick. OnePlus CEO Carl Pei said earlier that OnePlus is looking into the potential vulnerability.