Hi-Tech

OnePlus backdoor means hackers could take over your phone

OnePlus backdoor means hackers could take over your phone

Earlier this year BLU was revealed to have some serious security concerns, and even OnePlus has had issues revealed.

Baptiste found that OnePlus was shipping devices with the Qualcomm EngineerMode app - which is used by device makers for testing and diagnostics - with its OxygenOS customised version of Google's Android operating system.

The Engineer Mode APK is capable of diagnosing Global Positioning System, run automated tests, check root status among other things.

Root access was still hidden behind a password, but once that was cracked, that developer was able to obtain root access on the phone. Having root access essentially means the user has complete control over the device, including privileged control over features that would otherwise be locked up. The developer claims that the company has left behind the software intentionally, and he will come out with the application for rooting OnePlus devices without unlocking.




As the impending launch of the OnePlus 5T nears, the company has once again found itself the subject of controversy.

On devices with the application present, an attacker could use the easily crackable password to hijack the device and execute malicious code. The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all. If it's as widespread as it appears to be, there's a good chance you'll see a software update removing EngineerMode. It is also possible to delete the app once it is discovered.

In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server".