Hackers who get hold of some OnePlus phones can get virtually unlimited access to their files and software through use of a testing tool called called EngineerMode the company evidently left on phones.
Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the “Mr. Robot” TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool’s password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.
“It’s quite severe,” Baptiste said via a Twitter direct message.
The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything “root” access required a few lines of code, Baptiste said.
The EngineerMode tool is made by mobile chipmaker Qualcomm, Baptiste said. “We are looking into this now and trying to get to the bottom of it,” Qualcomm said of the situation.