OnePlus backdoor helps hackers take over your phone

Hackers who get hold of some OnePlus phones can get virtually unlimited access to their files and software through use of a testing tool called called EngineerMode the company evidently left on phones.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the “Mr. Robot” TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool’s password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.

The OnePlus 5

Josh Miller/CNET

“It’s quite severe,” Baptiste said via a Twitter direct message.

The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything “root” access required a few lines of code, Baptiste said.

SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it’s also on the OnePlus 3T. And Baptiste said it’s also on the new OnePlus 5T.

OnePlus didn’t immediately respond to a request for comment, but co-founder Carl Pei said on Twitter the company is looking into it

The EngineerMode tool is made by mobile chipmaker Qualcomm, Baptiste said. “We are looking into this now and trying to get to the bottom of it,” Qualcomm said of the situation.

Source link