Qualcomm had released an application which goes by the name EngineerMode. OnePlus, the company which is delivering some good quality smartphone at affordable prices seems to forget to remove the EngineerMode app from the devices.
Beware OnePlus users! Hackers Could Take Over Your phone
For smartphone manufacturers, Qualcomm had released an application which goes by the name EngineerMode. This app lets user test the hardware component of the smartphone.
However, the app is meant for smartphone manufacturers and shouldn’t reach the public because this app gives root access to anyone without unlocking the bootloader, opening up a potential security breach.
OnePlus, the company which is delivering some good quality smartphone at affordable prices seems to forget to remove the EngineerMode app from the devices. As we already mentioned that the app is built to be used only during the testing of the device. Several users have found the EngineerMode installed on OnePlus 2, OnePlus 3, OnePlus 3T and OnePlus 5 smartphone.
<Thread> Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…🤦♂️
This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6
— Elliot Alderson (@fs0c131y) November 13, 2017
Twitter user fs0C131y analyzed the EngineerMode app and found that one of the features of EngineerMode app is to release the root access, allowing hackers to make sophisticated attacks on the devices. With that hackers can install malware or spyware apps without user permissions.
Security Researcher, Elliot Alderson, analyzed the app and found that the app was actually hidden behind a password. However, the researchers are quick to crack the password and found that the password is “Angela”.
In return, OnePlus co-found Carl Pei has told that the company is looking into it “Thanks for the heads up, we’re looking into it”. OnePlus had also written a detailed Blogspot on the issue and states that it’s not a major security issue
“EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support. We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges”
So, what do you think about this? Share your views in the comment box below.P