OnePlus has been in the news lately for one reason that one never expected it to be — data security and privacy. Last month, someone had found that OnePlus had been extracting data secretly on all OnePlus devices (read here). And now, there seems to be another issue that could land the company in trouble. Meet OnePlus’ Engineer Mode vulnerability.
Discovered by Mobile security researcher Robert Baptiste (also know as Elliot Alderson), the Engineer Mode is present on many OnePlus smartphones out in the wild. Basically, Engineer Mode is an app that was created by Qualcomm and modified by OnePlus for testing devices before they leave the production line. The app has a serious loophole that provides unauthorised access to any person with malicious intentions (hackers).
With Engineer Mode, one can gain access to root files of the device and access core system files. Rooting has been available for many Android smartphones and is generally not advised by manufacturers for security issues, which is why no manufacturer allows any kind of app with the standard software setup. However, the Engineer Mode app allows full access to the phone’s root files.
If you are a OnePlus user, then you needn’t worry. As with rooting, the person with malicious intention needs to gain physical access to your device in an unlocked state. Alderson’s team has only been able to crack this with physical access as for now and remote exploitation of the same hasn’t been made possible yet. If you want to check for this app’s presence on your OnePlus device, then you can go to Settings > Apps > Menu > Show system apps and search for EngineerMode in the app list.
In an interview to Motherboard, Alderson says that OnePlus has been shipping this test app on their devices for years and backdoor has been available forever. It is not yet known whether OnePlus let it go under their nose or they never knew about it. OnePlus CEO Carl Pei took to Twitter to assure users that they are examining the case.
OnePlus has been in the news for all the wrong reasons and with their OnePlus 5T launch looming on the horizon, it would be clever for the company to get its software ecosystem right before another new device rolls out with the vulnerability.
