U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A Backdoor in OnePlus devices allows root access without unlocking bootloader

Expert discovered a backdoor in OnePlus devices that allows root access without unlocking the bootloader. Other problems for the owners of the OnePlus smartphone, this time experts discovered a backdoor that allows root access without unlocking the bootloader. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been […]

OnePlus 3T

Expert discovered a backdoor in OnePlus devices that allows root access without unlocking the bootloader.

Other problems for the owners of the OnePlus smartphone, this time experts discovered a backdoor that allows root access without unlocking the bootloader.

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

The Twitter user, who goes by the handle of “Elliot Anderson ,” (the name of the Mr. Robot’s main character), discovered a backdoor in OnePlus devices running OxygenOS that could allow anyone to obtain root access to the handsets.

Most of the OnePlus devices, including OnePlus 2, 3, 3T and brand-new OnePlus 5, comes with a pre-installed diagnostic testing application dubbed EngineerMode.

root oneplus devices android hacking

The app was developed by Qualcomm to help device manufacturers to easily test all hardware components of the devices.

The app is visible in the list of applications installed on the OnePlus devices.

The pre-installed app is exploitable by attackers with a physical access to the device and allows to gain root access on the smartphone.

The @fs0c131y user decompiled the EngineerMod APK and shared it on GitHub, he discovered the ‘DiagEnabled’ activity that could be opened with hardcoded password “Angela” to gain full root access on the smartphone, without even unlocking the bootloader.

The problem is severe and OnePlus users must be informed that it is anyway possible to gain a root access to the device using a simple command.

root oneplus devices android hacking

The hack could be exploited by an attacker to perform several malicious activities, including the installation of a spyware or a bootkit.

The workaround to protect vulnerable OnePlus smartphones consists of disabling the root on their phones using the following command on ADB shell:

"setprop persist.sys.adb.engineermode 0" and "setprop persist.sys.adbroot 0" or call code *#8011#

Elliot Alderson plans to release an application to root the OnePlus devices.

OnePlus company is currently analyzing the issue.

Stay tuned!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – OnePlus devices Android root, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]