The OnePlus 5T will be unveiled in just a couple of days, but OnePlus is now in the news for a new and dubious reason. A developer found an application hidden on the OnePlus 5 which acts as a backdoor for root access, and the app is named ‘EngineerMode’.
Awesome! Thanks to @insitusec and the @NowSecureMobile team, we have the password! It's now possible to root an @Oneplus device with a simple intent pic.twitter.com/gN0awYijBv
— Baptiste Robert (@fs0c131y) November 13, 2017
The purpose of the application is to allow OnePlus the ability to check the device to ensure that everything is working properly. The app performs various automated tasks, can check root status of the device in question, can make sure that the GPS chip is working properly, and more. However, the story here is that there is an activity within the ‘EngineerMode’ application which can enable root access when launched.
Once that activity is launched, all users will need is a command in ADB and the proper password, and the developer has confirmed a new tool is on the way to provide a brand-new root tool. This will make for one of the easiest root methods ever, but OnePlus is already on the case and is looking into the situation.
As it turns out, the ‘EngineerMode’ application is one that is created by Qualcomm, meaning that there is likely a chance that this application is available on more devices than just those offered by OnePlus. The developer stated that they now have the APK from the ASUS ZenFone, Xiaomi Redmi 3S, and a device running MIUI.
https://twitter.com/getpeid/status/930197107255992321
OnePlus CEO Carl Pei replied to the developer stating that the company is “looking into it”, so we’ll likely see a new update released which will remove this ‘EngineerMode’ application. Nonetheless, if you are more excited about seeing a new root method for the OnePlus lineup, let us know in the comments below. Otherwise, there isn’t much to worry about here, as long as you are careful about downloading non-verified applications that could access parts of your phone and get access to your information.
Let us know what you think about this latest security issue from OnePlus in the comments below.