OnePlus, an electronics manufacturer based in China, has reportedly been shipping its line of popular smartphones with a hidden backdoor that could allow a hacker to hijack the device relatively effortlessly.
Security researcher Robert Baptiste says the EngineerMode APK is made by Qualcomm and is meant to be used by factory staff to test phones for basic functionality before they are shipped out to the public. But Elliot Alderson found that the tool could be exploited by hackers to gain root access to a device, essentially gaining backdoor access into it where they could then take over the phone.
OnePlus likely kept Engineer Mode installed on the devices because it assumed it was secure and would remain unnoticed, given that the app is hidden behind a password.
With the password cracked, it's now possible for an app to enable root access on any device with the APK preinstalled.
Joel Embiid 'Loves' Lonzo Ball, Despite What People Think
Ball finished the game with 19 points (on 7-of-12 from the field), 13 assists, and 12 rebounds. It's not going to be scoring every night, but I'm trying to improve that.
Arthur Blank and Jerry Jones avoid each other before teams play
Jones has retained legal counsel and Wednesday threatened to sue the league in an effort to block Goodell's extension. Historically, the committee has been given the power to make decisions and get the backing of the rest of the owners.
How the world reacted to Italy missing out on World Cup finals
Despite the embarrassment of a botched campaign this cycle, Buffon refused to lay the blame on manager Gian Piero Ventura . I'd like to wish these lads all the very best of luck.
The Engineer Mode APK is capable of diagnosing Global Positioning System, run automated tests, check root status among other things. A developer has found an application that can be manipulated into to granting a backdoor root access. It is actually a modified version of a testing application created by Qualcomm. However, it was left in the software builds that ship with the OnePlus 3, 3T, and 5.
Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. This is thanks to a Qualcomm system-side app and OnePlus's decision to leave it in the custody of end users. The company claimed the data was simply for performance analytics but agreed to scale back what it collected.
While the vulnerability allows attackers to use the EngineerMode app to fully compromise devices, a mitigating factor is that local access to devices is needed - no remote exploit is available.
The discoverer of the app had a problem.