App on several OnePlus devices grants backdoor root access

Share

The problem is that once discovered and decompiled, the app has a feature that easily gives root access to the device even without unlocking the devices' bootloader. Nonetheless, it's a backdoor many wouldn't want on their devices. This app is used by OnePlus to ensure that a device is working properly before it leaves the factory.

A developer managed to use this very app to root the device by figuring out the password used to gain root access.

The app-called "EngineerMode"-is partially exposed to users through a secret "*#808#" dialer command, and you can also launch the full app through an Android activity launcher or the command line. They are able to gain root if they have a password to bypass privilege escalation checks.

The Engineer Mode APK is capable of diagnosing Global Positioning System, run automated tests, check root status among other things. With root access, an attacker could change just about anything about the device's software. It's not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.


This app is a system app made by @Qualcomm and customised by @OnePlus. The application was present on several models of OnePlus devices including OnePlus 3, OnePlus 3T and OnePlus 5.

The application in question is EngineerMode, in which its goal is to test Qualcomm processors easily.

OnePlus was in a bit of hot water earlier this month for collecting user data through OxygenOS and sending it back to the company, a practice it has since stopped. The fact that it is preinstalled on handsets is something of a concern, and OnePlus is yet to respond to questions about the app and its potential for exploit. From there, just search for Engineer Mode to see if it is installed.

Share