Published: Tue, November 14, 2017
Hi-Tech | By Grace Becker

OnePlus inadvertently left a backdoor on its phones

OnePlus inadvertently left a backdoor on its phones

Root access was still hidden behind a password, but once that was cracked, that developer was able to obtain root access on the phone.

According to one developer named as Elliot Alderson, OnePlus has an application called as "EngineerMode", which is basically used to check whether the unit is working properly or not in the factory. But the team proved it can be done without a whole lot effort, which in turn leaves a lot of OnePlus devices vulnerable. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests.

Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance. Having root access essentially means the user has complete control over the device, including privileged control over features that would otherwise be locked up. Speaking to Hindustan Times, Alderson said, "This loophole is a backdoor".

Federal Bureau of Investigation data shows hate crimes appeared to drop in Wisconsin
Still, some organizations saw the increase, the second year in a row for which hate crimes rates went up, as cause for alarm. Over half of the religion-related offences were anti-Jewish, while a quarter were anti-Muslim, according to the data.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone. The application is found on all OnePlus 3, OnePlus 3T, and OnePlus 5 devices, and is easily accessible through any activity launcher.

"Thanks for the heads up, we're looking into it", Pei tweeted. And it looks to be an issue on the OnePlus 5T as well. The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain). Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.

Like this: