A Backdoor in OnePlus devices allows root access without unlocking bootloader

Pierluigi Paganini November 14, 2017

Expert discovered a backdoor in OnePlus devices that allows root access without unlocking the bootloader.

Other problems for the owners of the OnePlus smartphone, this time experts discovered a backdoor that allows root access without unlocking the bootloader.

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

The Twitter user, who goes by the handle of “Elliot Anderson ,” (the name of the Mr. Robot’s main character), discovered a backdoor in OnePlus devices running OxygenOS that could allow anyone to obtain root access to the handsets.

Most of the OnePlus devices, including OnePlus 2, 3, 3T and brand-new OnePlus 5, comes with a pre-installed diagnostic testing application dubbed EngineerMode.

root oneplus devices android hacking

The app was developed by Qualcomm to help device manufacturers to easily test all hardware components of the devices.

The app is visible in the list of applications installed on the OnePlus devices.

The pre-installed app is exploitable by attackers with a physical access to the device and allows to gain root access on the smartphone.

The @fs0c131y user decompiled the EngineerMod APK and shared it on GitHub, he discovered the ‘DiagEnabled’ activity that could be opened with hardcoded password “Angela” to gain full root access on the smartphone, without even unlocking the bootloader.

The problem is severe and OnePlus users must be informed that it is anyway possible to gain a root access to the device using a simple command.

root oneplus devices android hacking

The hack could be exploited by an attacker to perform several malicious activities, including the installation of a spyware or a bootkit.

The workaround to protect vulnerable OnePlus smartphones consists of disabling the root on their phones using the following command on ADB shell:

"setprop persist.sys.adb.engineermode 0" and "setprop persist.sys.adbroot 0" or call code *#8011#

Elliot Alderson plans to release an application to root the OnePlus devices.

OnePlus company is currently analyzing the issue.

Stay tuned!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – OnePlus devices Android root, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

 



you might also like

leave a comment