ONEPLUS PHONES HAVE AN UNFORTUNATE BACKDOOR BUILT IN [source: wired]

15 Nov 2017

No Comments

3942

ONEPLUS SMARTPHONES HAVE developed a bit of a cult following, thanks to a combination of design and affordability that few other Android handsets match. But OnePlus has also experienced some notable privacy and security issues, including a recent admission that it was collecting a sketchy amount of user data on its corporate servers. Now, a French security researcher has published evidence that nearly every OnePlus phone model comes pre-loaded with a factory testing app that essentially acts as a backdoor, potentially granting hackers full access to your device. Whoops!

The Hack

It turns out that every OnePlus model, except the original OnePlus One, has an application called “Engineer Mode” buried in its operating system. The app appears to be a development and factory testing tool, and can be used for things like GPS checks and hardware scans. These types of tools are common, but are generally disabled or removed before devices ship to consumers; otherwise their power and operating system privilege could be abused. In this case, while Engineer Mode isn’t immediately accessible from the user interface, it doesn’t take that much software probing to access it, and from there some simple commands could give an attacker root access to almost any OnePlus. The tool is a customized version of a Qualcomm app that contains the backdoor, protected with a hard-coded password.

“It’s not good. In theory, this kind of app must be removed from the final release,” says Robert Baptiste, the firmware analysis researcher who discovered the flaw. “But [that] adds another operation in the factory, which costs time and is always complicated. So sometimes—often—companies decide to keep this app. Security by obscurity is a common practice.”

Unfortunately, OnePlus didn’t obscure its Engineer Mode quite enough.

For more, click here.