Preinstalled EngineerMode app on OnePlus phones gives root access without unlocking the bootloader

Rooting Android phones is fairly common these days, and it opens up the possibility of doing things that would not otherwise be an option. But if you are rooting your phone, you want it to be you who is in charge of the process. If you have a OnePlus phone, you may be interested -- and a little disturbed -- to learn that the company is preinstalling an app that acts as a backdoor to root access.

The app is called EngineerMode and it is preinstalled on the OnePlus 3, 3T and 5. It is possible to exploit the app to gain root access to a device -- all it takes is a simple command and a password that can be determined fairly easily. On one hand this is a worrying discovery; on the other, it opens up a way to root OnePlus phones without unlocking the bootloader.

See also:

The discovery was made by a Twitter user going by the name of Elliot Alderson‏, using the handle @fs0c131y. They found that the application -- used for factory testing -- could be easily used to gain root access to phones. The fact that it is preinstalled on handsets is something of a concern, and OnePlus is yet to respond to questions about the app and its potential for exploit.

The app is produced by Qualcomm, and The Hacker News explains how to see if you have it:

You can also check if this application is installed on your OnePlus device or not. For this, simply go to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the list.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.

Details of the exploit have been shared on Twitter:

Elliot Alderson‏ / @fs0c131y intends to use the existence of the app to release a simple tool for rooting OnePlus phones:

Oh, and if you don’t want to wait for the tool to be released, the code you need to execute to root your phone is:

adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"

Although OnePlus has not said whether it intends to push out an update to plug the potential security hole this poses, company co-founder Carl Pei said an investigation is under way:

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.