{"id":10478,"date":"2017-11-14T10:45:06","date_gmt":"2017-11-14T18:45:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/14\/news-4251\/"},"modified":"2017-11-14T10:45:06","modified_gmt":"2017-11-14T18:45:06","slug":"news-4251","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/14\/news-4251\/","title":{"rendered":"OnePlus Phones Were Shipped With a Hidden Backdoor"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/5a0b2ece48179301ff237528\/lede\/1510682319326-shutterstock_717229345.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Louise Matsakis| Date: Tue, 14 Nov 2017 18:07:52 +0000<\/strong><\/p>\n<p>OnePlus, a major Chinese smartphone manufacturer, has gotten itself into a hell of a lot of security trouble lately, and now the situation is only getting worse. <\/p>\n<p>Mobile security researcher Robert Baptiste, who goes by the pseudonym <a href=\"https:\/\/twitter.com\/fs0c131y\" target=\"_blank\">Elliot Alderson<\/a> (a nod to the <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/wnjmyq\/the-creator-of-mr-robot-explains-its-hacktivist-and-cult-roots\" target=\"_blank\">main character<\/a> in the Mr. Robot series), discovered that OnePlus smartphones have been apparently shipping for years with a hidden backdoor. It makes it easy for a clever hacker with physical access to root a OnePlus phone with just a few lines of code.<\/p>\n<p>Alderson found an application on OnePlus devices intended for factory testing, and discovered it could be used to obtain \u201croot access\u201d to the phone. <a href=\"https:\/\/www.androidcentral.com\/root\" target=\"_blank\">Rooting<\/a> an Android device allows a developer to essentially gain access to everything in the operating system, and permission to change anything about the device\u2019s software. <\/p>\n<p>The application the researcher found is called \u201cEngineer Mode.\u201d It\u2019s meant to be used while the smartphone is still in the factory, to test whether it\u2019s working properly. Engineer Mode was hidden behind a password, but Alderson along with researchers at app security firm NowSecure were able to <a href=\"https:\/\/www.nowsecure.com\/blog\/2017\/11\/14\/oneplus-device-root-exploit-backdoor-engineermode-app-diagnostics-mode\/\" target=\"_blank\">quickly crack it<\/a>. The password is \u201cangela,\u201d which could ironically be another Mr. Robot <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/qv3xg5\/a-roundtable-of-hackers-dissects-mr-robot-season-3-episode-5-runtime-error\" target=\"_blank\">reference<\/a>.<\/p>\n<p>Alderson believes that the vulnerability can only be exploited with physical access, at least for now. He said in a <a href=\"https:\/\/twitter.com\/fs0c131y\/status\/930268752813359105\" target=\"_blank\">tweet<\/a> that it\u2019s \u201ctoo early to speak about a random app getting root access, but we are on the good tracks.\u201d<\/p>\n<p>It looks like the application was left on a number of devices, but it\u2019s not clear whether OnePlus did so intentionally, or whether it was an accident. Engineer Mode is on several different smartphones that OnePlus makes, including the OnePlus 3, OnePlus 3T, and the OnePlus 5, according to the blog <a href=\"http:\/\/www.androidpolice.com\/2017\/11\/13\/oneplus-left-backdoor-devices-capable-root-access\/\" target=\"_blank\">Android Police<\/a>.<\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"gqEGIYo\" data-embedded-url=\"https:\/\/twitter.com\/fs0c131y\/status\/930115188988182531\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>Alderson told me in a Twitter DM that he has no doubt that Engineer Mode was left on OnePlus devices with the company\u2019s knowledge. \u201cThis app is a Qualcomm app customized by OnePlus. This backdoor had been coded by Qualcomm.\u201d The backdoor may not have been left maliciously however, Alderson explained. It could have been due to \u201claziness.\u201d<\/p>\n<p>Alderon told me he started investigating OnePlus devices last month when another major security problem was made public about the manufacturer\u2019s phones. In October, a January <a href=\"https:\/\/www.chrisdcmoore.co.uk\/post\/oneplus-analytics\/\" target=\"_blank\">report<\/a> from security researcher Chris Moore was covered widely by the press. It showed that OnePlus was collecting sensitive information from its users and transmitting it to a server along with each device\u2019s serial number. In response to these findings, OnePlus later <a href=\"https:\/\/www.theverge.com\/2017\/10\/15\/16479330\/oneplus-privacy-complaints-oxygenos-cybersecurity\" target=\"_blank\">scaled back<\/a> its data collection program.<\/p>\n<p>If you want to see if your device has Engineer Mode installed, you can go to Settings > Apps > Menu > Show System apps. There, you can search whether Engineer Mode is installed. If you discover that your device has it, you can delete it from your phone\u2019s applications, according to Alderson. <\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"zMMWaxx\" data-embedded-url=\"https:\/\/twitter.com\/fs0c131y\/status\/930353689226809344\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>It appears that OnePlus phones might not be the only devices to come pre-baked with Engineer Mode. Several users on Twitter have reported discovering the app in <a href=\"https:\/\/twitter.com\/borkedEXE\/status\/930425483442843648\" target=\"_blank\">Lenovo<\/a> and <a href=\"https:\/\/twitter.com\/indieviewpod\/status\/930425411519082496\" target=\"_blank\">Motorola<\/a> devices that use Qualcomm chips. Other manufacturers may be affected, <a href=\"https:\/\/twitter.com\/fs0c131y\/status\/930353092717170688\" target=\"_blank\">according to Alderson<\/a>, because Engineer Mode is an app designed by the manufacturer Qualcomm.<\/p>\n<p>Qualcomm did not immediately respond to a request for comment. <\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"QljPSlK\" data-embedded-url=\"https:\/\/twitter.com\/fs0c131y\/status\/930423201854877696\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>OnePlus also did not immediately return a request for comment, but the company\u2019s CEO, Carl Pei, said on Twitter that the issue was being examined. <\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"RgZnmCh\" data-embedded-url=\"https:\/\/twitter.com\/getpeid\/status\/930197107255992321?ref_src=twsrc%5Etfw&#038;ref_url=https%3A%2F%2F9to5google.com%2F2017%2F11%2F14%2Foneplus-app-root-access-backdoor%2F\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>The discovery of this hidden backdoor couldn\u2019t come at a worse time: OnePlus\u2019 latest smartphone, the OnePlus 5T <a href=\"https:\/\/oneplus.net\/event\" target=\"_blank\">comes out<\/a> this week.<\/p>\n<div data-iframely-id=\"TOQG4ye\" data-embedded-url=\"https:\/\/video.vice.com\/en_us\/video\/motherboard-dear-future-build-diy-powerwall-laptop-battery\/59cbeb0fb159487b3243424c\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.2493%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/59y4vz\/oneplus-backdoor-engineer-mode\" target=\"bwo\" >https:\/\/motherboard.vice.com\/en_us\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/5a0b2ece48179301ff237528\/lede\/1510682319326-shutterstock_717229345.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Louise Matsakis| Date: Tue, 14 Nov 2017 18:07:52 +0000<\/strong><\/p>\n<p>A pre-installed factory app called Engineer Mode can root devices.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,13328,10378],"tags":[10836,402,11638,3919,16632],"class_list":["post-10478","post","type-post","status-publish","format-standard","hentry","category-independent","category-motherboard","category-security","tag-backdoor","tag-china","tag-exploit","tag-hacking","tag-oneplus"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10478"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10478\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10478"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}