OnePlus Phones Vulnerable Due To An Easily Exploitable Backdoor
It has been a little over a month since OnePlus was found to be collecting personally identifiable information for analytics. The company quickly reversed course, and in an update the company promised to be more transparent by clearly giving users the option to opt out of OxygenOS analytics.
A new report shows that all OnePlus phones that are in use right now, including the OnePlus 5, have a program installed that can be used to root the handset. It’s just like having a backdoor in your phone, which could be used by other apps for spying purposes.
The reason for this is that ‘root’ access can allow anyone to access the ‘superuser’ mode where they can install any malware with surveillance capabilities in the victim’s smartphone. What this means for end users is that you can easily root your OnePlus 3, OnePlus 3T, and OnePlus 5 without ever unlocking your bootloader. What’s scary is the fact that the user will have no idea about the presence of the software as it can be hidden inside the operating system.
The developer, who goes by the name Elliot Alderson on Twitter, posted a series tweets yesterday outlining the steps taken to achieve the privileges.
With telephony secret code you can access to manual tests like GPS test, root status test as stated in this article https://t.co/T0FZQBISpS pointed by @AleGrechi . But can do better… pic.twitter.com/7gTaZ848Gp
— Elliot Alderson (@fs0c131y) November 13, 2017
The app’s primary purpose is to test the phones during manufacturing and make sure the device is working correctly, but the app isn’t then wiped from the phone. Alderson did say on Twitter that the app is made by Qualcomm, but customized by OnePlus.
Meanwhile, OnePlus co-founder Carl Pei has already announced that OnePlus is investigating the issue.