Recently, OnePlus devices were caught for collecting personal information of users and sending it to Chinese server which is now fixed but the OnePlus security troubles aren’t over. Twitter user Elliot Anderson tweeted that there is a backdoor in all OnePlus devices that enables root access without unlocking the bootloader.
There is an app called “EngineerMode” found pre-installed in most of the OnePlus devices. This app is made by Qualcomm for device manufacturers for testing whether the hardware of OnePlus smartphones is working properly or not and for diagnosing issues with GPS, checking root status of the device, perform production line test.
If someone gets physical access to your device, he/she can easily exploit the EngineerMode to gain root access.
Elliot Anderson decompiled the EngineerMode app and found ‘DiagEnabled ‘activity which if opened with a specific password will give you full root access to your device without unlocking the bootloader.
This is a serious security issue for OnePlus users because the root access can be accessed by anyone with a simple command. Attackers can easily install dangerous and malicious software on your device that could be difficult to detect and remove.
To protect your devices OnePlus users can disable root on their devices by simply using the following command or call code:
“setprop persist.sys.adb.engineermode 0” and “setprop persist.sys.adbroot 0” or call code *#8011#
Carl Pei co-founder of OnePlus said the company is looking into the backdoor report. The company will release the patch for it shortly in which EngineerMode Apk will be removed.