OnePlus backdoor means hackers could take over your phone

Software called EngineerMode means hackers could do whatever they want with a phone as long as they have it in hand.

Stephen Shankland principal writer

Hackers who get hold of some OnePlus phones can obtain virtually unlimited access to files and software through use of a testing tool called EngineerMode that the company evidently left on the devices.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the "Mr. Robot" TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool's password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.

The OnePlus 5
Josh Miller/CNET

The EngineerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything "root" access required a few lines of code, Baptiste said.

"It's quite severe," Baptiste said via a Twitter direct message.

OnePlus disagreed, though it said it has decided to modify EngineerMode.

"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support," the company said in a statement. Root access "is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridge command-line tool] root function from EngineerMode in an upcoming OTA."

SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it's also on the OnePlus 3T. And Baptiste said it's also on the new OnePlus 5T.

Baptiste had spotted evidence that EngineerMode was written by mobile chipmaker Qualcomm. But Qualcomm said Wednesday that's not the case.

"After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm," the company said in a statement. "Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided."

First published Nov. 14, 12:06 p.m. PT.
Update, 2:03 p.m. PT: Adds comment from OnePlus.
Update, Nov. 15, 9:43 a.m. PT: Adds comment from Qualcomm saying it didn't create the EngineerMode tool.