UPDATED: Some OnePlus Devices Are Vulnerable To Root Backdoor Access

November 14, 2017 - Written By Daniel Fuller

Phone maker OnePlus mistakenly left a testing app made by Qualcomm preloaded on some devices, and according to one Twitter user who decompiled its APK, the app can be used to achieve root privileges on devices that it’s present on. The app in question is called EngineerMode, and it can be found on the OnePlus 3, 3T, and 5. As of now, it’s unknown whether the app will ship on the OnePlus 5T. Later on in the Twitter thread, an official security team chimed in to thank the source for finding this exploit, and declare that they’re working on patching it up. As of this writing, there has been no official announcement like a blog post or press release from OnePlus regarding the matter.

EngineerMode is a testing app made by Qualcomm, which means that it could potentially root many different Qualcomm devices in much the same way. The root exploit works with a special built-in testing mode in the app that uses a privilege escalation to allow the testing crew to use ADB as root. While the app does not outright present this option, it is present, and can be used fairly easily. When used, it can not only perform its intended function but can consequently allow users to manipulate system files. Naturally, this means that a user can change files around to make root privileges work outside of ADB and to make the rooting stick. This can all happen without unlocking the bootloader. The password that all of this is locked behind can easily be found within the APK file; it’s Angela, possibly a reference to a character in Mr. Robot.

The finding does not bode well for OnePlus’ security team, in the wake of the company having been found collecting and retaining private user information only recently. Though OnePlus corrected the issue quickly once it was found, it did remain on devices until an outside source found the problem and pointed it out. There are numerous methods to root Android devices and OnePlus phones in particular have an unlockable bootloader out of the box, meaning that those who are interested in rooting a OnePlus device have a good number of options that are OnePlus-approved. The presence of the EngineerMode app and its functionality is accidental and is thus considered to be a vulnerability and an exploit.

Update:

A Qualcomm spokesperson has reached out to provide information stating that the EngineerMode app which is in reference to the security issue on OnePlus devices is believed to have been built on by others using an older version of the application, also mentioning that the app was not authored by Qualcomm, and that the source code of the app no longer resembles the original source code that was provided by Qualcomm.