OnePlus accused of leaving a backdoor to give root access

Share

The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device. "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post. Intended for internal use only by the company's engineering team to test if devices are working properly, the application has managed to remain on OnePlus devices that have been shipped to consumers-and may present a threat to their security. It is actually a modified version of a testing application created by Qualcomm.

OnePlus has recently accused of collecting a vast amount of sensitive private data from users' smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access. Hopefully OnePlus will remove the application from its devices with an update, all the way back to the OnePlus One. "So it's not risky, it just means anybody with the password can plug your phone to a computer and take all your data".

See what stores in New Orleans will open on Thanksgiving
Rest assured we will continue to vigilantly surface the very best of the Black Friday 2017 deals as and when they emerge. Thanksgiving, no doubt, is shadowed by the boring roar of consumerism fostered by Black Friday and Cyber Monday.

OnePlus has acknowledged the issue, and company founder Carl Pei said it is being investigated. A malicious app or malware that is built around this loophole would potentially be able to target OnePlus devices and wreck havoc.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the Mr. Robot TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain).

Share