OnePlus Phones Come With A Factory Installed App That Can Root Devices… Could It Lead To Pwnage?

If you own a OnePlus phone, then it is entirely possible that your phone could be open to pwnage, as there’s an app on it that allows people to have root access (or complete access to do whatever one wants). Here are the details:

The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson — the name of the main character in the Mr. Robot TV series.

Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company’s servers.

The researcher, who also owns a OnePlus 5 device, started investigating the company’s OS by first looking at the source code of OpDeviceManager, the app that was responsible for the telemetry collection.

“As expected OPDeviceManager does pretty nasty things, so I continued to dig into the OnePlus apps,” the researcher said.

“After a while, I found this EngineerMode app. It was just a question of time before I found something interesting in it,” Alderson said.

He goes on to say that a clever hacker could leverage this to pwn the phone, launch malware attacks, enlist the phone into a botnet, etc. And he says there’s “more” to come in terms of other potential threats that exist on most if not every OnePlus device.

That’s not good.

The company has said it’s looking into these claims, but seeing as other security researchers have confirmed these findings, and the tech media is picking up this story, OnePlus will have to do more than look into this. They’ll have to come up with a robust explanation as to why this phone has all of this present and what they are going to do about it to ensure the security of their users.

UPDATE: Apparently OnePlus is going to yank this backdoor in a future over-the-air update, though they “don’t see this as a major security issue.” Details here.
