OnePlus has recently accused of collecting a vast amount of sensitive private data from users' smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. After bringing it to attention, security outfit NowSecure reverse engineered it and found that it could easily be exploited with a simple ADB command to enable a backdoor into devices that have the application installed. According to a Twitter user Elliot Alderson, some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which acts as a backdoor, giving people root access without the need for unlocking the phone.
He plans to release an app for rooting OnePlus devices sometime today, and we'll update the post when it is released.
After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.
Jerry Jones Isn't Backing Down from the NFL, Goodell
The New York Times reported on Monday that the league's compensation committee sent Jones a cease-and-desist warning. If Jones can rally more support, his stance against Goodell may still take several more turns.
The Engineer Mode APK is capable of diagnosing Global Positioning System, run automated tests, check root status among other things.
Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.
The chance of this already having been exploited is probably low, but it's still a massive risk to users.
Oil price drops more than US$1on IEA warning of shrinking demand
The largest contribution to demand growth - nearly 30 per cent - would come from India, whose share of global energy would rise to 11 per cent by 2040, it said.
OnePlus did not immediately respond to a request for comment. The app is normally hidden until you tell Android to show system apps, so you might not notice it unless you went looking for it.
Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance.
Russian Federation says USA providing cover for Islamic State in Syria
The Russian military is investigating claims that a civilian employee attached the bogus images, state-run media reported later Tuesday.