An apparent factory cockup has left OnePlus Android smartphones with an exposed diagnostics tool that can be potentially exploited to root the handsets.
Security researcher Robert Baptiste suggested the EngineerMode APK was made by Qualcomm, and was intended to be used by factory staff to test phones for basic functionality before they are shipped out to the public.
Unfortunately, it seems someone at OnePlus forgot to remove or disable the package before kicking the handsets out to the general public, and as a result folks now have access to what is effectively a backdoor in their Android phones.
In addition to basic diagnostic tasks like checking the functionality of the phone’s hardware components – such as the GPS and wireless electronics – the tool can also allow people, using the password ‘angela’, to obtain root access and gain full control over a device:
Being able to root your phone gives you access to the full functionality of the OS, however. This is something I think is a good idea – there are plenty of apps (eg battery monitors) that require root access to function.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft