Liliputing

  • Reviews
  • Deals
  • How To…
  • Mini PCs
  • Shop
  • About
    • About Liliputing
    • Contact us
    • Advertise on Liliputing
    • Support Liliputing
    • Privacy Policy

Backdoor found in OnePlus phones can provide root access without unlocking the bootloader (Updated)

11/14/2017 at 4:00 PM by Brad Linder 5 Comments

There are plenty Android phone users who make a habit of rooting their devices in order to gain more control over their device, gain access to system settings and files that would otherwise be unavailable, and run apps that only work on a rooted device.

But choosing to root your phone is one thing. Finding out that there’s an app on your phone that could be used to root your device with or without your permission or knowledge is another.

And it turns out that at least a few phones from OnePlus do include an app that lets you root the phone without first unlocking the bootloader. On the one hand that might be good news for folks that just want a simple way to root their device. On the other, it poses a security vulnerability that malicious hackers could theoretically use to take over your device.

So here’s the deal: Qualcomm provides device makers that use its chips an app called Engineer Mode that they can use for testing purposes. It’s only really supposed to be used on pre-release software, but it turns out that OnePlus included it in the Android-based OxygenOS software that ships on its phones.

It’s unclear if that was an accident or if it was done intentionally.

Update: Qualcomm says it didn’t make the app. Instead, it appears to be a new app built on top of some code from an older, similarly-named Qualcomm testing app that had far less functionality. 

First spotted by @fs0c131y, the Engineer Mode APK appears to be included in multiple OnePlus devices including the OnePlus 3 and OnePlus 5.

With the app installed, it’s possible to connect the phone to a PC and run an adb (Android Debug Bridge) command that enables diagnostic mode and provides root access which stays enabled even after the phone is rebooted.

You do need to enter a password to toggle diagnostic mode… but the folks at NowSecure figured out that the password is “angela” and multiple folks have confirmed that it works.

So… if you want to root your phone, there are now instructions for doing that. If you want to make sure that nobody else can gain root access to your phone… that might be a bit trickier.

For now it looks like the easiest way to root a device with the Engineer Mode APK installed is to have physical access to the phone, which limits the likelihood that an attacker would be able to gain access to your data without your knowledge.

But as Android Police points out, it’s also possible that someone could combine a set of known vulnerabilities including the Engingeer Mode backdoor to infect your device with malware when a malicious app is installed.

Update: OnePlus has issued a statement that boils down to:

  1. We don’t think there’s any real security threat here.
  2. But we get that some of you are concerned, so we’ll issue a fix “in an upcoming OTA.”

Interestingly, the company says it’ll “remove the adb root function from EngineerMode” in that update rather than removing the app altogether, which suggests that OnePlus didn’t simply forget to remove it from OxygenOS after using it to test its phones.. but actually included it on purpose for some reason.

Share this:

  • Facebook
  • Twitter
  • Reddit
  • Pocket
  • Tumblr
  • Pinterest
  • LinkedIn
  • Email

Daily Deals (12-13-2019)

Every week this year, the Epic Games Store has offered up at least one game for free, and sometimes two. This week is one of the twofer weeks -- you … [Read More...]



Support Liliputing

Liliputing’s primary sources of revenue are advertising and affiliate links (if you click the “Shop” button at the top of the page and buy something on Amazon, for example, we’ll get a small commission).

But there are several ways you can support the site directly even if you’re using an ad blocker and hate online shopping.

Contribute to our Patreon campaign

or…

Contribute via PayPal

  • donate monthly
  • donate once only
Select a Donation Option (USD)

Enter Donation Amount (USD)

5
Leave a Reply

Login with
Facebook Google Twitter WordPress Yahoo! Disqus Reddit Stackoverflow GitHub
avatar
This comment form collects your name, email address, and content to allow us to keep track of comments placed on this website. Please read our privacy policy for more details.
Save my name, email, and website in this browser cookies for the next time I comment.
5 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
bolomkxxviiiTommKangalCaitlin BestlerInteresting Recent comment authors
avatar
This comment form collects your name, email address, and content to allow us to keep track of comments placed on this website. Please read our privacy policy for more details.
Save my name, email, and website in this browser cookies for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Interesting
Guest
Interesting

Wait… so if you go with a small Chinese outfit who sells cheaper hardware that has less development behind it, there could actually be security risks in doing so?! Shocking!

In other related news, water has been found to indeed be wet. People claim to be “surprised” by this development.

You Must Be Logged In To Vote3You Must Be Logged In To Vote  Reply
2 years ago
Caitlin Bestler
Member
Caitlin Bestler

It’s a backdoor that is secured with something less than a private key/public key pair.
What more has to be said. One Plus has shown that they do not understand security. Period.
The fact that the password is of particularly low quality is just piling on.

You Must Be Logged In To Vote2You Must Be Logged In To Vote  Reply
2 years ago
Kangal
Guest
Kangal

If only we could have these backdoors on Flagship Android Devices, those which insist to lock the bootloader and make it impossible to r00t etc etc.

You Must Be Logged In To Vote2You Must Be Logged In To Vote  Reply
2 years ago
Tomm
Guest
Tomm

Fix is coming in next OTA updates.

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago
bolomkxxviii
Guest
bolomkxxviii

I think the phrase of the day is “tempest in a tea cup”. I read quite a bit about this apk. You must gain physical access to the phone in order to use it, connect the phone to a pc and run adb, enter a password. I think most people would notice if someone did this with your phone. Oh, and of course you must unlock your phone (password or biometrics). Honestly if the root can be reversed then the apk deleted from the phone this would be great to have. Delete any pesky crapware on your phone that you normally could not get rid of, then unroot the phone and delete the program. Cool.

You Must Be Logged In To Vote0You Must Be Logged In To Vote  Reply
2 years ago

Follow Liliputing:

Facebook Twitter YouTube tumblr RSS Patreon
Disclosure: Some links on this page are monetized by Skimlinks and Amazon's and eBay's affiliate programs.

Latest News

Apple and Spotify bring podcasts to Amazon Echo devices (and other Alexa-enabled gadgets)

Amazon's Echo line of products may have introduced the world to the idea of … [Read More...]

Lenovo Tab M8 HD

Lenovo may have a Chrome OS tablet on the way

Chrome OS tablets have been a thing for the past year and a half or so, but … [Read More...]

Xbox Series X coming in late 2020 (It’s pretty much a gaming PC in console form)

Microsoft has taken the wraps off its next-gen Xbox game console and the Xbox … [Read More...]

Featured articles

Magic Ben MAG1 8.9 inch mini laptop review

It's tricky to make a great mini-laptop. Want a super-small screen and a device … [Read More...]

Amazon Fire tablet hacking resources (Fall 2019 edition)

As usual, Amazon is offering deep discounts on Fire tablets for the holiday … [Read More...]

Dell XPS 13 2-in-1 review (Ice Lake convertible laptop)

Dell's XPS 13 line of laptops have set the standard in recent years for just how … [Read More...]

Login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Copyright © 2019 Liliputing · About Liliputing · Contact Us · Privacy Policy · Go to top of page

wpDiscuz
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.