OnePlus plans to fix glaring smartphone security flaw allowing easy root access

手机数码 2017-11-15

OnePlus has a glaring smartphone security problem the company says it plans to fix in an upcoming software update. Just this week, a bit of fan sleuthing
surfaced a flaw ostensibly due to oversight that meant that, over the past couple of years, OnePlus phones (including the recently released OnePlus 5) have carried a Qualcomm testing app called EngineerMode.

The app provides users with root-level access to the phone without needing to unlock its bootloader,
according to Engadget

. In other words, a malicious user would need to physically grab your phone in order to take advantage of the bug. Yet once they gained that access, they could plant trackers or malware easily.

A staff member from the OnePlus team explained in a forum post
that EngineerMode is a diagnostic tool used for factory production line functionality testing and also for IT support as OnePlus customers call in for help. The staff member reassured users by saying that third-party apps can’t gain full root privileges from EngineerMode. And since USB debugging, which is off by default, must be turned on for EngineerMode to work, that at least gives oblivious users a line of defense against would-be attackers.

“While we don't see this as a major security issue, we understand that users may still have concerns,” said the staff member, explaining that the root function would be removed in the next update. OnePlus previously stepped on users’ toes last month when it was found to be collecting a ton of data from its smartphones
. Coupled with this EngineerMode security loophole, it doesn’t look great for OnePlus’ overall user security.

您可能感兴趣的

Containers and Cloud Security Introduction The idea behind this blog post is to take a new look at how cloud security is measured and what its impact is on the various actors ...
OnePlus 5 vs Sony Xperia XZ Premium: quick look The Sony Xperia XZ Premium is just one of the many flagships going head to head with the recently announcedOnePlus 5. If you’re wondering wha...
OnePlus 5 is coming soon to Malaysia and here’s th... That was fast! After theOnePlus 5 wasannounced a few days ago, official distributor Brightstar has announced that the new OnePlus 5 is coming to ...
Digital security expert: Pro-Kremlin Twitter accou... Russian President Vladimir Putin speaks during his annual end-of-year news conference in Moscow. Thomson Reuters Pro-Kremlin trolls target...
如何灵活使用配置文件 摘要 在实际项目中,经常遇到比较多的环境,比如开发环境,测试环境,生产环境。对于这些环境,可能会有不同接口调用,不同的数据库连接字符串等等。那么该如何实现不同环境的参数快速切换呢?当然,最笨的方式就是,发布前,针对不同的环境,注释放开注释的操作。这也是经常使用的方法,如果环境较少,这种还可以应付...