Slashdot Mirror

← Back to Stories (view on slashdot.org)

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices (bleepingcomputer.com)

Posted by msmash on from the meanwhile-in-Chinese-phones dept.

Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.

10 of 73 comments (clear)

  1. Factory root is a feature. by CptLoRes · · Score: 5, Informative

    Seriously no joke. Once you have gotten used to a rooted phone features like full file access etc, there is no going back.

    1. Re:Factory root is a feature. by Anonymous Coward · · Score: 3, Insightful

      Going from the Nexus4 running LineageOS to a Nexus6P, I stopped rooting. Stock Android had become "good enough" for what I wanted and the only thing I was "missing" was arrow keys in the navbar to move the cursor, which you're now able to turn on through ADB.

      But yeah, reading the headline I thought it was describing a feature, not a complaint. I was thinking "that sure is convenient that they can just press a 'be rooted' button in an app and not need to use a PC"

  2. Awesome! by Opportunist · · Score: 4, Insightful

    No longer you have to tinker around and find an app you can install to root your device, now you can root it out of the box, delete the app to root it and you have a rooted device.

    And even one where OnePlus cannot complain about you voiding your warranty by rooting it. Because who said you did it and not some malicious actor, using what they themselves handed to him?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Oneplus X by ichthus · · Score: 3, Interesting

    I have an X, and I love it. The first thing I did after taking it out of the box was install TWRP and Cyanogen. Currently running LineageOS 14.1. Aside from the so-so camera, this is a great phone.

    --
    sig: sauer
  4. Exists on OnePlus 3T by chill · · Score: 3, Interesting

    This exists on my OnePlus 3T. When listing apps on the phone, there is an option to Show System Apps. You need to turn that on to see EngineerMode.

    "Test Root" is one of the many functions it offers from the main screen. I don't see a way to *gain* root without using the adb command.

    --
    Learning HOW to think is more important than learning WHAT to think.
  5. How is this different than OEM signed apps? by cloud.pt · · Score: 4, Interesting

    Let's get some facts straight:

    System apps are (or can easily become) root by design, so they can do a lot of things other apps can't. This is true for ANY OEM ROM since the anals of Android - preloaded apps are signed with developer keys, so they get API and Linux system privileges.

    System apps chose to perform anything they want, silently. They don't need to ask permission through UI for stuff like Runtime.exec("su"..., or access protected/secured Android API - they just do it. And even if they don't do it from factory, OEMs like Samsung can just put in place a system-level updater that force app updates (they do this actually with samsung store), and eventually turn system apps into something they originally were not.

    Now, Oneplus having an app, a preloaded one at that, which enables third-party apps to have root access is effectively unusual. I am indeed surprised Google sanctioned a ROM with such a feature, because Google does not want typical users circumventing most things Google Play, which can be done with root (common examples are adblocking through hosts files, or changing device properties such as for overclocking) . But then again, this feature is nothing special from a security standpoint. You will still get prompted by the OS whenever an app requests root even after this app turns root on for third-parties.

    So, what kind of exploit can be attained from this kind of app in OnePlus devices? Is there anything different than what you could with an app that is signed with dev keys and already has root access? If an actor is managing to trigger root through the EngineeringMode app automagically, he likely also can do similar stuff with system apps that do NOT allow root to thrid-party apps. They are already injecting code or input after all, they can very well go the extra mile and do it all at once. Why bother escalating another app when you're already in control of an escalated process?

    1. Re:How is this different than OEM signed apps? by cloud.pt · · Score: 4, Informative

      I just want to add the fact that before Samsung, Google Play itself updates without user prompt as soon as you get internet. The very first app that was self-updatable, and such an update is unblockable, is Google Play and Google Play Services themselves.

    2. Re:How is this different than OEM signed apps? by Hentes · · Score: 2

      According to the article this "vulnerability" can only be exploited through adb which pretty much limits it to cases where the attacker already has physical access to the device.

  6. How did we get to this brain-dead state by jabberw0k · · Score: 2

    What kind of insane dystopia is it, where even geeks do not question paying for computers that they do not control?

  7. Writer and Editor are fucking idiots. by Dishevel · · Score: 3, Insightful

    This is what the owners of these phones WANT!
    They want full ownership over their device. Take you sensationalist bullshit and fuck off.

    --
    Why is it so hard to only have politicians for a few years, then have them go away?