Wednesday, 22 November 2017
Latest news
Main » OnePlus phones sold with root exploit backdoor

OnePlus phones sold with root exploit backdoor

14 November 2017

OnePlus has still to fully recover from the data collection allegations it faced last month, and now fresh allegations have surfaced over user privacy.

OnePlus' co-founder clarified that the company was collecting data to "better understand general phone behavior and optimize OxygenOS for a better overall user experience". This app is used by OnePlus to ensure that a device is working properly before it leaves the factory. We have confirmed it is installed on the OnePlus 3, 3T, and 5. "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post.

The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more.

If hackers wanted to get into your phone, they would need physical access to it, so if you have any OnePlus devices, just keep it away from any of your playful tech-savvy friends until the app is officially removed. Having root access essentially means the user has complete control over the device, including privileged control over features that would otherwise be locked up.

"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".

Getting root access to a smartphone allows a hacker to access "superuser" mode, making it extremely easy to inject malware with surveillance capabilities. However, it can be exploited to enable backdoor rooting.

The inclusion of the app appears to be an oversight on the part of OnePlus, and company founder Carl Pei said the team is looking into it. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain).

OnePlus phones sold with root exploit backdoor