Slashdot Mirror
OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
Seriously no joke. Once you have gotten used to a rooted phone features like full file access etc, there is no going back.
No longer you have to tinker around and find an app you can install to root your device, now you can root it out of the box, delete the app to root it and you have a rooted device.
And even one where OnePlus cannot complain about you voiding your warranty by rooting it. Because who said you did it and not some malicious actor, using what they themselves handed to him?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I have an X, and I love it. The first thing I did after taking it out of the box was install TWRP and Cyanogen. Currently running LineageOS 14.1. Aside from the so-so camera, this is a great phone.
sig: sauer
This exists on my OnePlus 3T. When listing apps on the phone, there is an option to Show System Apps. You need to turn that on to see EngineerMode.
"Test Root" is one of the many functions it offers from the main screen. I don't see a way to *gain* root without using the adb command.
Learning HOW to think is more important than learning WHAT to think.
Let's get some facts straight:
System apps are (or can easily become) root by design, so they can do a lot of things other apps can't. This is true for ANY OEM ROM since the anals of Android - preloaded apps are signed with developer keys, so they get API and Linux system privileges.
System apps chose to perform anything they want, silently. They don't need to ask permission through UI for stuff like Runtime.exec("su"..., or access protected/secured Android API - they just do it. And even if they don't do it from factory, OEMs like Samsung can just put in place a system-level updater that force app updates (they do this actually with samsung store), and eventually turn system apps into something they originally were not.
Now, Oneplus having an app, a preloaded one at that, which enables third-party apps to have root access is effectively unusual. I am indeed surprised Google sanctioned a ROM with such a feature, because Google does not want typical users circumventing most things Google Play, which can be done with root (common examples are adblocking through hosts files, or changing device properties such as for overclocking) . But then again, this feature is nothing special from a security standpoint. You will still get prompted by the OS whenever an app requests root even after this app turns root on for third-parties.
So, what kind of exploit can be attained from this kind of app in OnePlus devices? Is there anything different than what you could with an app that is signed with dev keys and already has root access? If an actor is managing to trigger root through the EngineeringMode app automagically, he likely also can do similar stuff with system apps that do NOT allow root to thrid-party apps. They are already injecting code or input after all, they can very well go the extra mile and do it all at once. Why bother escalating another app when you're already in control of an escalated process?
UMIDIGI Crystal Settings>DeveloperOptions>Root (switch) then enter 12 digit code (copypaste) and press root. After 2 minutes you can get a rooted device!
What kind of insane dystopia is it, where even geeks do not question paying for computers that they do not control?
From the article ... a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
... dishonest. It's like you're lying to yourself, looking for a better picture, but what you're really getting is obfuscated view of truth. Sure, people clicked this, typed that, but if that's telling you something, then you're just hearing things.
When are we going to find out that this is a.) privacy violation; and b.) just dumb? Even if you can learn things about your users, even if that helps you, how is this better than talking to users? Asking questions? Getting honest feedback? Collecting telemetry is somehow
He's not from the dark side or anything, he just got a different phone. Jeezus.
Do you get all your info from short articles in Ms. Magazine? California's legal age of marriage is 18, which to me is perfectly reasonable. And, of course young marriage is largely (if not entirely) driven by immigrant populations.
It's all sort of a tangent point to, it isn't socially acceptable to discuss plans to actually have a child bride of your own.
Comment removed based on user account deletion
Stop slandering creimer. You know damn well that he doesn't want a child bride when he can get a lady boy in Bangcock.
As we have found out in the past.
It's all sort of a tangent point to, it isn't socially acceptable to discuss plans to actually have a child bride of your own.
A wholly unnecessary point that YOU introduced with your comment that was unrelated to the parent's comment. You need to get a fucking life since your wife and children have failed to make you a decent human being.
I stand by my comments that creimer discussing his musings of buying a child bride is socially unacceptable. Not sure why that makes you so mad; the truth hurts, I suppose.
"child marriage is as American as Apple pie"
This is one of the few times I wish you had enough karma that you'd post that with your name attached creimer. Even though marrying a child is illegal for you in every single state despite what you think,. Your autism completely blinds you to the idea that people would be disturbed by an elderly man showing interest in high school aged girls if it was legal
Millennial detected. 40's is middle-age, 70's is elderly.
In Japan the worlds most advanced AIs were sent to analyze you and they determined that you are indeed a senior citizen
https://imgur.com/a/0Wknf
To a teenage bride, 48 is elderly.
Roy Moore is getting (rightly) ostracized for getting with "consenting" teenagers in his early 30s. Creimer is arguing that a 48 year old buying a teenage bride from a 3rd world country really isn't that wrong. He deserves to be dragged out into the street and shot like a dog.
It's not like it's a walled "magical garden" that's free from bugs I'm sure the manufacturer's rooting app is as safe as any spyware in the istore.
--I just want people to know that creimer talks about marrying mexican child brides, that is all thank you.
His comment was on topic! See he said there isn't anything special about a walled garden vs manufacturer installed apps. Then he supported his argument by establishing the fact that you're a loony whose opinion doesn't matter by drawing attention to the fact hint at getting child brides from mexico. Maybe it's a logical fallacy on his part but it's a common misconception that a logical fallacy negates any argument or even makes it wrong. (Autistics often struggle with this idea)
From there we went into a deeper discussion on the ethics of marrying a highschool girl when you're nearly 50. That's what's so wonderful about slashdot's threaded comment system. Highly respected commentators are allowed to digress into new discussions naturally without disrupting neurotypical human beings!
If you believe creimer is looking for a child bride, call the FBI. Keep in mind that he has a security clearance, has already been vetted by the FBI and works for the NSA/CIA/FBI/GPO and/or State of California. The Slashdot community is never wrong.
This is what the owners of these phones WANT!
They want full ownership over their device. Take you sensationalist bullshit and fuck off.
Why is it so hard to only have politicians for a few years, then have them go away?
Yes, of course if you actually gave concrete plans and seemed to be going through with the process I would report it. But even talking about your desire to marry a child bride is creepy, disgusting, and weird. It doesn't matter if you don't actually plan on doing such a thing, and you're just publicly daydreaming about it on a technology forum, for god-knows-what-reason.
But even talking about your desire to marry a child bride is creepy, disgusting, and weird. It doesn't matter if you don't actually plan on doing such a thing, and you're just publicly daydreaming about it on a technology forum, for god-knows-what-reason.
The only person who is publicly daydreaming of creimer with a child bride is YOU. Everyone on Slashdot knows that creimer hurt your covfefe. Slandering him and assuming every AC is Chris won't change that. You need help.
You mean the FBI every time you regale us with stories of your commute you describe riding the bus to the FBI building
You told everyone that you work at the FBI you told us over and over about your commute to a three letter agency that exists in the FBI building
You work at the FBI FBI FBI FBI
Stop saying child bride!!! It's so creepy
Be like creimer and refer to them as underage sweet things.
It sounds gross exploitative and perverted when you say child bride
Stop saying child bride!!! It's so creepy
Be like creimer and refer to them as underage sweet things.
It sounds gross exploitative and perverted when you say child bride
The child bride AC is a pervert. His wife and children don't satisfy him. He has to project his sexual fantasies on to creimer to jerk off before pretending to be a decent human being.
âoeMarrying a child bride is as American as Apple Pie.â -creimer, in the same thread he calls someone else a pervert.
âoeMarrying a child bride is as American as Apple Pie.â -creimer, in the same thread he calls someone else a pervert.
Please educate yourself. This is a very serious issue that's starting to get attention in the media.
Child marriage isn't just a practice that victimizes girls in poor countries. As this blog has previously reported, it's also long been an issue in the United States, involving girls from a wide range of backgrounds. Based on state marriage license data and other sources, advocacy groups and experts estimate that between 2000 and 2015 alone, well over 200,000 children — nearly all of them girls — were married. In nearly all cases the husband was an adult.
https://www.npr.org/sections/goatsandsoda/2017/08/30/547072368/a-look-at-the-loopholes-that-allow-child-marriage-in-the-u-s
Fascinating Lilly!
I will study up tonight and we can continue our discussion in the replies of creimer's next post. I believe that by responding to creimer's -1 posts we can make the world a better place.
Good links, you might also be interested in this creimer-related article.
A fat man brags
his karma is terrible
His name is Chris
Comment removed based on user account deletion