
OnePlus Includes Qualcomm Engineering App In Phones, Exposes Root Backdoor [Update]

15 Dec, 2017

An inadvertent slip-up has left OnePlus Android smartphones with an exposed backdoor through their diagnostics tool which can be exploited by people with malicious intent.

However, OnePlus devices do not seem to be the only ones with this problem. The security researcher, who goes by the pen name Elliot Alderson, shared that the same backdoor concern could be found in other devices which are supported by Qualcomm.

A security researcher, Robert Baptiste, indicated that a certain app, EngineerMode APK, which was made by Qualcomm, was designed to be used by factory staff to test smartphones for basic functionality before they hit the market. The OEMs remove this app once the initial testing processes are over and the devices are up for sale. However, reports have shown otherwise, especially with regard to OnePlus, whose OnePlus 3, OnePlus 3T and OnePlus 5 smartphones still house the EngineerMode APK. Along with OnePlus, Xiaomi, Asus, Motorola and a few others also have the same errant code.

EngineerMode comes to light with “*#808#”, a secret dialer command. You can also launch the complete app via an Android activity launcher or via the command line. This tool allows unauthorized users to take charge of your device by simply using the password ‘angela’, giving them full control of your smartphone. EngineerMode is capable of rooting your device, checking your root status and spotting your GPS location. These are checks that engineers undertake on the production line before a smartphone is ready to be shipped out for sale. The engineers seem to have absentmindedly left this APK on the smartphones, and this could give malicious actors an opportunity to gain access to the devices.

It is not yet clear which other models are affected by this problem. OnePlus has been on the receiving end of a lot of heat because many users have confirmed that they have indeed seen Engineer Mode on different OnePlus smartphones. The company was quick to respond to these issues, but the latest reports still point a finger at OnePlus. OnePlus has made a statement that it will remove the toolkit in an over-the-air update.

A Qualcomm spokesperson made a comment on this issue stating that “After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm. Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided.”
The statement made by OnePlus mentions that they will remove the toolkit; however, this might take a toll on the release of their latest smartphone, the OnePlus 5T.