Twitter user Elliot Alderson, a name borrowed from the protagonist of the Mr series. Robot has been discovered that OnePlus seems to have left a in-house tool called EngineerMode in the build official present in OnePlus 3, OnePlus 3T and OnePlus 5.
This should not pose any problem except because with this application is it possible to root the phone and could be used therefore as a backdoor to exploits. If you have a phone OnePlus is possible that you have this application presinstalada, but don’t panic, the likelihood that a malicious application to make use of this vulnerability is even lower.
A tool for testing
it Is normal that the phones include internal tools to analyze the state of the phone and its components. Tools these which are often accessed through intricate combinations of codes. What is not so normal is that allow you to root your phone.
EngineerMode is one of these applications, created by Qualcomm, but modified to OnePlus. the Is hidden, but little. That is to say, it appears in the list of applications preinstalled on the phone, but can’t open directly. However, all their activities are exported, a técnicismo to explain that her various “screens” can be launched from other applications such as this.
it Has taken a lot of research, reverse engineering, and help other security experts to discover all the things you could do with EngineerMode and the password needed to do this. It was not easy, but not impossible, and this is how they managed to reveal the password required for grant root to ADB, a process that could be used later to install SuperSu.
therefore, should Not be a concern for the immediate safety for those owners of a phone OnePlus one, because in principle other applications could not take advantage of the vulnerability in and of itself. The only sure thing is that a person with bad intentions, your mobile phone and appropriate knowledge could rootearlo and take complete control of the phone.
What’s next: a tool for root… and fix
once you have discovered the calico, two promises for the future. On the one hand, Elliot Alderson promises that will create and publish coming soon on Google Play a tool for rooting phones OnePlus automatically. By the time you’re not ready: when it is, we’ll update this news.
Difficulty to install #SuperSu: 0! Everything is already preinstalled 🤔.
The OnePlus root application is coming soon 🙂
— Elliot Alderson (@fs0c131y) November 13, 2017
on the other hand, Carl Pei has responded to the thread on Twitter with a classic “Thanks for the warning, we are reviewing”. Technically it should not be difficult for OnePlus to correct this problem, by modifying or completely eliminating EngineerMode entirely on their phones through an update of the system.
Thanks for the heads up, we're looking into it.
— Carl Pei (@getpeid) November 13, 2017
The news OnePlus is left an internal tool on their phones able to get the root was originally published in Xataka Android by Ivan Ramirez .