• 10:36 Dec 12, 2018

Advertisement

By: Rohan Pal, The Mobile Indian, New DelhiLast updated : November 14, 2017 1:46 pm

OnePlus accused of leaving a backdoor to give root access

The developer, with the help of few cybersecurity experts, was able to discover the password and was able to root a OnePlus device with few commands.

OnePlus has recently accused of collecting a vast amount of sensitive private data from users’ smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access.

 

According to one developer named as Elliot Alderson, OnePlus has an application called as ‘EngineerMode’, which is basically used to check whether the unit is working properly or not in the factory. The application is present in all OnePlus devices including 3, 3T and 5. The app has the ability to diagnose GPS, check root status and perform a series of tests.

 

 

 

In this app, the developer has found activity known as ‘DiagEnabled’, if enabled with a specific password, grants the root access. The developer, with the help of few cybersecurity experts, was able to discover the password and was able to root a OnePlus device with few commands.

 

He further claims that the company has intentionally left the backdoor on their devices. The developer further added that he will publish an application for rooting OnePlus devices without unlocking. OnePlus co-founder Car Pei tweeted that the company will look into the claims made by the developer.

 

Earlier, according to a post on Christopher Moore’s blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain).

 

You might also like this:

 

 

In a statement to Android Authority, OnePlus said “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour. This transmission of user activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”

Advertisement

You might like this

Tags: OnePlus backdoor issue OnePlus smartphones OnePlus 3 OnePlus 3T OnePlus 5 OnePlus

Advertisement

 

0 Comments

Login with