[Update x2: OnePlus responds] OnePlus left a backdoor in its devices capable of root access

手机数码 Android Police (源链)

Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection , another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.

The application in question is called ‘EngineerMode,’ which is intended to be used in factories to confirm that the device is working properly. We have confirmed it is installed on the OnePlus 3, 3T, and 5. It’s even included on OxygenOS for the OnePlus One, but not the original CyanogenOS ROM .

The app can diagnose GPS, check the root status, perform a series of automated tests, and more. The developer found that by launching the ‘DiagEnabled’ activity found in the APK with a specified password, the device could actually be rooted:

So yes, if you send the command: adb shell am start -n https://t.co/yYfeX14Ioj .engineeringmode/.qualcomm.DiagEnabled –es “code” “password” with the correct code you can become root!

— Elliot Alderson (@fs0c131y) November 13, 2017

After tearing apart the phone’s libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity. With the help of a few cybersecurity experts, the required password was discovered, making rooting a OnePlus phone as easy as running a few commands.

Awesome! Thanks to @insitusec and the @NowSecureMobile team, we have the password! It’s now possible to root an @Oneplus device with a simple intent pic.twitter.com/gN0awYijBv

— Elliot Alderson (@fs0c131y) November 13, 2017

He plans to release an app for rooting OnePlus devices sometime today, and we’ll update the post when it is released. While this might sound exciting, due to the possibility of obtaining root access without unlocking the phone, this actually has serious security repercussions. While it’s likely not possible for any random app to obtain root with this method, as the commands can only be run through ADB, this could be used in conjunction with another vulnerability (like this one ) to cause harm.

The chance of this already having been exploited is probably low, but it’s still a massive risk to users. Carl Pei, co-founder of OnePlus, has said the company is looking into it:

Thanks for the heads up, we’re looking into it.

— Carl Pei (@getpeid) November 13, 2017

We’ve also reached out to OnePlus for comment. In the meantime, you should probably avoid installing any sketchy-looking apps. Hopefully OnePlus will remove the application from its devices with an update, all the way back to the OnePlus One.

Update 1 : 2017/11/14 10:22am PST

NowSecure, a mobile security company that helped the developer find the password, has published a more detailed writeup about the backdoor. The post reveals that the poorly-hidden password was in fact “angela,” possibly a “Mr. Robot” reference to character Angela Moss.

End of Update

Update 2 : 2017/11/14 1:48pm PST

OnePlus has posted an official statement about the EngineerMode app:

“Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.

We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.

While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.”

End of Update


The OnePlus 5T goes on sale November 21st OnePlus will unveil its new 5T smartphone during a live show on November 16th at 11AM EDT, just five days before the device will actually hit sto...
一加5T明天10点开售 京东预约量已破40万... 【TechWeb报道】11月28日下午,一加科技在北京举办了冬季发布会,发布了备受关注的一加5T国行版本。一加5T国行版本6GB+64GB售价2999元,8GB+128GB售价3499元。同时,会上推出了四周年纪念熔岩红版本,售价同样为3499元。明早10:00,一加官网和京东会开售新款一加5T,...
鲁大师Q3手机流畅度排行榜:一加5大战努比亚Z17... 评测软件鲁大师今天放出了自己总结的第三季度手机流畅度排行榜,不单纯看性能跑分,而是通过桌面滑动、网页加载、APP使用、照片查看、文件拷贝五个项目模拟日常实际体验,更接近用户使用感受,而且数据均来自用户上传。 本次排行中, 一加5拿下了冠军,不过优势并不明显,147.90的得分只比第二...
OnePlus 6 leaks in new hands-on photos Two weeks or so from now, OnePlus will finally be taking the wrapping off the eagerly-anticipatedOnePlus 6. Yet leaks have been a bit scarcer than...
It looks like the OnePlus 6 will be the company’s ... OnePlus’s next iPhone clone is expected to launch soon, and the phone might be more expensive than you’d think. We already expect the Chinese smartpho...
Android Police责编内容来自:Android Police (源链) | 更多关于

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » [Update x2: OnePlus responds] OnePlus left a backdoor in its devices capable of root access

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录