Backdoor discovered in many OnePlus phones grants full control of device

By William Gayde
Nov 14, 2017
Post New Reply
  1. You can add all of the passwords and security features you want to a device but even the smallest of flaws can make them all useless. That appears to be the case with many OnePlus phones including the OnePlus 3, 3T, 5 and 5T. Hackers with physical access to a device can now gain nearly unlimited access by using a debugging tool designed for device manufacturers.

    The software, called EngineerMode, appears to have been mistakenly left on the devices. The backdoor was discovered by Robert Baptiste, a freelance security researcher. Security firm NowSecure then assisted in determining the software's password in order to make it usable by anyone.

    In an ironic pop culture reference, Mr. Baptiste goes by Mr. Robot protagonist Elliot Alderson on Twitter. The password to unlock EngineerMode is "angela," the name of another character from Mr. Robot.

    In a conversation with CNET, Baptiste called the backdoor "quite severe" considering an attacker needs only gain physical access to the device. By entering a few lines of code from a computer, privilege levels are escalated to root.

    The tool was designed by Qualcomm who said they are looking into the issue. OnePlus is also aware of the vulnerability and is investigating.

    Permalink to story.

  2. MUMMZ

    MUMMZ TS Enthusiast Posts: 43   +8

    Here in south africa, they use the front door...#yolo
  3. Emexrulsier

    Emexrulsier TS Evangelist Posts: 584   +72

    "only" gain physical access. So quite a simple hack then ...
  4. Hadakajime

    Hadakajime TS Rookie

    Please learn the definition of irony:
    "the use of words to convey a meaning that is the opposite of its literal meaning"

    The pop culture reference is not ironic in any way, shape or form!
    BabyFaceLee likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...