• The OnePlus Backdoor That Actually Isn't



    More bad news for OnePlus... on the eve of a new product announcement they've been accused of backdooring their devices, allowing an attacker with physical access to gain root access without having to unlock any bootloadersó which we all know would wipe any and all sensitive data from your phone, right? Anyone? Bueller...?

    Anyway, as privacy scares go, this one has been blown out of proportion just a bit. It's still bad, but nowhere near as bad as the data that OnePlus was caught harvesting last month.

    The "backdoor" here is actually a Qualcomm testing app called EngineerMode. With the correct password (which has already been reverse-engineered) it will indeed grant root access via the Android Debug Bridge (ADB). What it won't do is allow malicious software with root privileges to be installed on your device. In fact, XDA has put their own spin on this vulnerability, citing it as a great new way for modders to root their OnePlus device.

    OnePlus absolutely should have removed this app before shipping out hardware to their customers. As to why they didn't, signs point to laziness rather than something more nefarious. Oh, and by the way, some ASUS and Xiaomi phones were also sold with the same Qualcomm testing app on board.

    Sources: Android Police, OnePlus Forums, XDA

    ---------
    This article was originally published in forum thread: The OnePlus Backdoor That Actually Isn't started by acurrie View original post
  • Sponsored By

  • Facebook

  • Recent Reviews

  • Recent Forum Posts

    cerreta2884

    How would Arizona be for that Sent from my...

    How would Arizona be for that


    Sent from my iPhone using Tapatalk

    cerreta2884 Today, 09:07 AM Go to last post
    bigsnake50

    In most of the country it should be relatively...

    In most of the country it should be relatively easy to merge the PCS holdings of Sprint and T-mobile. It might be as easy as a remote configuration. In others a visit to the site might be required....

    bigsnake50 Today, 09:01 AM Go to last post
    bigsnake50

    SDL cannot be the primary channel (PCC). It can...

    SDL cannot be the primary channel (PCC). It can be the secondary channel.

    bigsnake50 Today, 08:53 AM Go to last post
    tomseys

    An interesting article about the effectiveness of...

    An interesting article about the effectiveness of various masks including surgical masks, N95 masks and masks made from kitchen towels


    ...

    tomseys Today, 08:32 AM Go to last post
    werinshades

    Those aren't cell sites, but shot spotter devices...

    Those aren't cell sites, but shot spotter devices deployed throughout the city. When a gunshot is detected, the local CPD District receives a computer generated notification in the SDC room, who then...

    werinshades Today, 08:20 AM Go to last post