OnePlus accused of leaving a backdoor to give root access

Having root access essentially means the user has complete control over the device, including privileged control over features that would otherwise be locked up. If you have a OnePlus phone, you may be interested - and a little disturbed - to learn that the company is preinstalling an app that acts as a backdoor to root access. This app is used at the factory to test various functions of the device.

Cybersecurity enthusiast and likely Mr Robot fan, Twitter user "Elliot Alderson", spotted the backdoor in OnePlus' Oxygen OS. According to XDA Developers, it is a diagnostic testing tool supplied by Qualcomm, which OnePlus appears to have accidentally left in place on its OnePlus 5, OnePlus 3 and OnePlus 3T handsets.

Once the app was decompiled, a password was still needed before it would give root access to devices. The developer, with the help of a few cybersecurity experts, was able to discover the password and root a OnePlus device with a few commands. The developer further added that he will publish an application for rooting OnePlus devices without unlocking.

On devices with the application present, an attacker could use the easily crackable password to hijack the device and execute malicious code. This is thanks to a Qualcomm system-side app and OnePlus's decision to leave it on devices in the hands of end users.

Dubbed "EngineerMode", the tool was designed as an easy way for phone makers to test the hardware on their devices. OnePlus already drew criticism earlier this year over its onerous data collection practices, in which the company sucked up sensitive data from user devices and transmitted that information with each device's serial number attached. Meanwhile, OnePlus co-founder Carl Pei has announced that OnePlus is investigating the issue.