Date:15/11/17
Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the "Mr. Robot" TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool's password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.
The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything "root" access required a few lines of code, Baptiste said.
"It's quite severe," Baptiste said via a Twitter direct message.
OnePlus disagreed, though it said it's decided to modify EngineerTool.
"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support," the company said in a statement. Root access "is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridge command-line tool] root function from EngineerMode in an upcoming OTA."
SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it's also on the OnePlus 3T. And Baptiste said it's also on the new OnePlus 5T.
The EngineerMode tool is made by mobile chipmaker Qualcomm, Baptiste said. "We are looking into this now," Qualcomm said of the situation.
OnePlus backdoor means hackers could take over your phone
Hackers who get hold of some OnePlus phones can get virtually unlimited access to their files and software through use of a testing tool called EngineerMode the company evidently left on the devices.Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the "Mr. Robot" TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool's password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.
The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything "root" access required a few lines of code, Baptiste said.
"It's quite severe," Baptiste said via a Twitter direct message.
OnePlus disagreed, though it said it's decided to modify EngineerTool.
"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support," the company said in a statement. Root access "is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridge command-line tool] root function from EngineerMode in an upcoming OTA."
SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it's also on the OnePlus 3T. And Baptiste said it's also on the new OnePlus 5T.
The EngineerMode tool is made by mobile chipmaker Qualcomm, Baptiste said. "We are looking into this now," Qualcomm said of the situation.
Views: 416
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World