OnePlus Left A Backdoor!
by hilman488 - 11-14-2017, 12:51 PM

Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

A Twitter user, who goes by the name "Elliot Anderson" (named after Mr. Robot's main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.
The application in question is "EngineerMode," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device.

This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.

You can also check if this application is installed on your OnePlus device or not. For this, simply go to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the list.


If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.
EngineerMode has been designed to diagnose issues with GPS, check the root status of the device, perform a series of automated 'production line' tests, and many more.

After decompiling the EngineerMod APK, the Twitter user found 'DiagEnabled' activity, which if opened with a specific password (It is "Angela", found after reverse engineering) allows users to gain full root access on the smartphone—without even unlocking the bootloader.

Although the chance of this application already being exploited in the wild is probably low, it seems to be a serious security concern for OnePlus users as root access can be achieved by anyone using a simple command.


Moreover, with root access in hands, an attacker can perform lots of dangerous tasks on victim's OnePlus phone, including stealthy installing sophisticated spying malware, which is difficult to detect or remove.

Meanwhile, in order to protect themselves and their devices, OnePlus owners can simply disable root on their phones. To do so, run following command on ADB shell:
setprop persist.sys.adb.engineermode 0" and "setprop persist.sys.adbroot 0" or call code *#8011#

In response to this issue, OnePlus co-founder Carl Pei said that the company is looking into the matter.

The Twitter user has promised to release a one-click rooting app for OnePlus devices using this exploit. We will update the article as soon as it is available.

Is this ture Damn, I've got a OnePlus
Yikes this is not good D:
I hadn't thought that OnePlus would do something like this, although I haven't really messed with their products so I can't say so myself
I just destroyed it.
I'm glad I'm not using this option.
Unfortunately there is too similar app
OOOoo no way.... I have oneplus 3
Interesting story and a very interesting password. Which Angela is meant? Merkel?
damn that's one way to dump all ur clients
No way ! I wan't a one plus 5t but now...
leaving a backdoor (intentional or not) is one thing... but using a password which can be cracked with a dictionary attack in 0.1 sec? srsly...
Apparently, the FactoryMode application replaces what was previously known as EngineerMode, the pre-installed system app that could be exploited by a user with physical access to a device to gain root access. OnePlus ultimately removed the code responsible for this root method, and they also chose to remove EngineerMode and rebrand it as FactoryMode.

Possibly Related Threads…
Thread Author Replies Views Last Post
Microsoft "accidentally" leaks backdoor keys to bypass UEFI. BRK 0 1,127 08-10-2016, 06:34 PM
Last Post: BRK

 Users browsing this thread: 1 Guest(s)