OnePlus phones include an easily exploitable backdoor
Scott Adam Gordon
A developer has found a way to gain root access to a OnePlus device by exploiting an app designed for factory testing. The developer, who uses the name Elliot Alderson on Twitter (after the Mr Robot TV show lead), posted a series tweets yesterday outlining the steps taken to achieve the privileges.
The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searching Settings > Apps > Menu > Show system apps, and then search “EngineerMode” in the app list).
It’s used to run system tests for things like GPS, vibration, screen brightness, and also root checking.
The app has been known about for a while, but after some digging around, the developer discovered a password-protected backdoor within the app’s code. The dev was able to work around this himself to gain root access — a big enough problem to begin with for OnePlus in terms of security — but that was before some smart folks chimed in having discovered the actual password (it’s Angela, which, coincidentally, is also likely a Mr Robot reference).
This means root access can be achieved using just one command line — giving hackers the potential to cause harm without much work. It’s not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.
It nonetheless raises questions over why is the device shipping with this app (presumably it has just been overlooked) and whether it’s available on other Qualcomm devices.
Alderson said that he would publish an app soon to allow users to simply gain root access to their devices. Meanwhile, OnePlus co-founder Carl Pei has already announced that OnePlus is investigating the issue.
We’ve also we’ve reached out to OnePlus and will update this story when we receive comment.