Published On: Tue, Nov 14th, 2017

OnePlus includes Qualcomm engineering app in phones, exposes root backdoor

Enlarge / The OnePlus 5. (credit: Ron Amadeo)

A Twitter user by the name “Elliot Alderson” has discovered a root backdoor in OnePlus devices—one that has apparently been shipping for years. OnePlus has been shipping a Qualcomm engineering APK (an Android app file) in its devices, which with a few commands can root a device.

The app—called “EngineerMode”—is partially exposed to users through a secret “*#808#” dialer command, and you can also launch the full app through an Android activity launcher or the command line. The app contains production-line tests for various phone components, a root checker, and lots of information readouts. The important part, though, is a “DiagEnabled” activity with a method called “escalatedUp.” If this is set to “true,” the app will allow root access over Android Debug Bridge, Android’s command-line developer tools.

The method for gaining root is password protected, but the password lasted all of three hours once the method was discovered. With the help of David Weinstein and the Now Secure team, the group discovered the magic word is “angela,” which is possibly another Mr. Robot reference, just like the “Elliot Alderson” handle. (We swear this is real and not a Mr. Robot ARG.)

Read 3 remaining paragraphs | Comments

Tech – Ars Technica

Videos

Most Popular Posts