Published: Tue, November 14, 2017
IT | By Lester Massey

Thanks To A Backdoor, Hackers May Get Root Access To OnePlus Phones

Thanks To A Backdoor, Hackers May Get Root Access To OnePlus Phones

If you have a OnePlus phone, you may be interested - and a little disturbed - to learn that the company is preinstalling an app that acts as a backdoor to root access. But the team proved it can be done without a whole lot effort, which in turn leaves a lot of OnePlus devices vulnerable.

The Engineer Mode APK is capable of diagnosing Global Positioning System, run automated tests, check root status among other things.

While the vulnerability allows attackers to use the EngineerMode app to fully compromise devices, a mitigating factor is that local access to devices is needed - no remote exploit is available. A developer has found an application that can be manipulated into to granting a backdoor root access.

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity.


Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands. Of course, expecting the developers to unlock the bootloader for each device during its testing phases would be ridiculous, but its inclusion does pose security risks for everyday users. The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all.

In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server".

For owners of OnePlus devices who are curious to learn if the Engineer Mode app is installed on their device, it is possible to find the app by going to Settings, opening the Apps menu, tapping Menu, and Show System apps.

Like this: