emfizz.com
emfizz.com November 21, 2017


OnePlus phones include an easily exploitable backdoor

15 November 2017, 12:25 | Patty Hardy

OnePlus left a backdoor in its devices capable of root access

OnePlus 5 Security

An apparent factory cockup has left many OnePlus Android smartphones with an exposed diagnostics tool that can be exploited to root the handsets.

Dubbed "EngineerMode" the tool has been designed as an easy way for phone makers to test the hardware on their devices. According to a Twitter user Elliot Alderson, some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which acts as a backdoor, giving people root access without the need for unlocking the phone. This app is used by OnePlus to ensure that a device is working properly before it leaves the factory.

A potentially risky backdoor in multiple OnePlus devices has been just unearthed by a knowing developer, revealing a hidden app that can be potentially used to gain root access and take control over the device.

UFC '100 percent' entering boxing, obtaining promoter's license — Dana White
The Fertittas turned their $2 million purchase of UFC into a $4.025 billion sale last July to the Hollywood agency WME-IMG. He has been asked about boxing before but it was always a big fat no and very flippant.


More Sunshine, Warmer Monday
But, our Pinpoint Weather team will be watching the system all week to make sure we don't have to add in accumulation. Overall a fantastic fall week of weather as days will feature more sunshine than clouds, and nights clear and chilly.


'Hannity' fans boycott Keurig for pulling ads over Moore coverage
It is unclear if the angry " Hannity " fans are a large enough group to hurt the company's coffee sales. Companies commonly shift they sponsorships to protect their brand.


The app, called EngineerMode, is not normally seen unless you ask to see the device's system apps. With root access, an attacker could change just about anything about the device's software. It is actually a modified version of a testing application created by Qualcomm. The application was present on several models of OnePlus devices including OnePlus 3, OnePlus 3T and OnePlus 5. Check the name of native library used to check the code: door...

Still, the presence of the app brings into question OnePlus' security protocols. Once the app was decompiled, a password was still needed for the app so that it would give root access to devices. The company already drew criticism earlier this year over its onerous data collection practices, in which the company sucked up sensitive data from user devices and transmitted that information with each device's serial number attached. It is also possible to delete the app once it is discovered.

In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server".



Other News

Trending Now

Board of Ideal Cellular approves sale of tower business held by subsidiary
Mint had reported that Idea was also in talks to sell its entire stake in Indus to another buyer with the consent of Bharti Airtel .

Senate Finance Committee begins markup of GOP tax reform bill
Trump praised new bills in the House and Senate, called the Tax Cuts and Jobs Act (TCJA), but suggested a few improvements. Both versions of the tax plan cut the top individual rate, but the Senate version only lowers it to 38.5 percent.

Colin Kaepernick named GQ's Citizen of the Year
Back in August, NFL Hall of Famer Jim Brown let it be known he wasn't a fan of Colin Kaepernick kneeling during the U.S. Although a better quarterback than many of his peers, no National Football League team has signed him.

Bill Gates invests $50 million to fight Alzheimer's
The Microsoft co-founder said the donation to the Dementia Discovery Fund is personal and not through his charitable foundation . He added that the Gates Foundation might consider how to expand access in poorer countries when treatments are developed.

New blood pressure range means half of Americans have hypertension
Identifying socioeconomic status and psychosocial stress as risk factors for high blood pressure that should be considered in a patient's plan of care.

Trump Chooses Alex Azar for Health and Human Services Secretary
The drugmaker has drawn criticism from patient advocacy groups for price increases to one of its biggest products: insulin. The White House just named Alex Azar as its new nominee for secretary of the Department of Health and Human Services.

Gal Gadot will quit Wonder Woman unless this alleged harasser is fired
Last month, Gal also refused to attend a dinner honouring Brett Ratner, where she was due to present him with an award. She said she worked from the heart and not the head and I think that Wonder Woman , Diana Prince, is the same.

Penn State Releases Statement in Response to New Beta Theta Pi Charges
Fraternity brothers had previously told police the video system in the basement was not working during the ceremony. It was an annual tradition in the beta Theta Pi house, according to previous testimony.

Trump asked Xi Jinping to help UCLA basketball players busted shoplifting
LiAngelo Ball's family is in Hong Kong marketing $495 Big Baller Brand shoes, according to a tweet from LaVar Ball . White House Press Secretary Sarah Huckabee Sanders confirmed that Trump and Xi talked about the case.

IPhone X Plus Launch Date Set For 2018
The iPhone 8 is expected to see a 50-60% decline this quarter thanks to consumer preference for the iPhone 8 Plus and iPhone X. Both the 64GB and 256GB versions have been affected and this is the same for both Silver and Space Grey devices.