A developer with the Twitter handle @fs0c131y has found in his research that an app named 'Engineer Mode', which is intended to be used in factories to confirm that the device is working properly, can be manipulated to gain root access on the device.
The Engineer Mode app is pre-installed on the OnePlus 3, 3T and 5, and may also be on the upcoming 5T.
"The escalatedUp method is calling Privilege.escalate(password) and if the result is true, it sets the system property persist.sys.adbroot and oem.selinux.reload_policy to 1" pic.twitter.com/92LeBfDPAv (Elliot Alderson, @fs0c131y, November 13, 2017)
With the help of some other researcher, Alderson also obtained the password (required for rooting a OnePlus device), which let him root the device without unlocking it, using only a few commands.
This is not good behaviour for an app with such privileges, and it raises critical security questions for OnePlus.
Engineer Mode is developed by Qualcomm, but it has been customised by OnePlus.
There is no evidence that this issue has been exploited in the wild, but it is a serious matter. The CEO of OnePlus has not commented on this, but he said the company is looking into it.
Alderson will soon release an app for rooting OnePlus devices that makes use of this bug.
As we already mentioned, the Engineer Mode app is developed by Qualcomm and is used for factory testing.
We have received an update that the Engineer Mode app is also pre-installed on devices from many other vendors.
We can say that every Qualcomm device has the app; here are some of the vendors with models on which the app has been found:
Mi (Xiaomi), Yu, Motorola, Oppo, Lenovo, Asus, Zenfone, Gionee
You can also check your own device. Just follow:
Settings➡️Apps➡️Menu➡️Show system Apps, and look for Engineer Mode in the list.
You can also disable this app.
[Note: We are not responsible for any damage to or breakdown of your device]
Connect your device to your computer with developer options enabled, and open an adb terminal or command line.
Once the connection is successful, type the following command in the adb terminal:
pm uninstall -k --user 0 com.android.engineeringmode
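The check above can also be scripted. The following is an added example, not code from the original article, OnePlus or Qualcomm: shell helpers that read the output of `pm list packages --user 0` and `getprop` and report whether the Engineer Mode package is still installed for user 0 and whether the persist.sys.adbroot property named in the tweet is set to 1. The function names, verdict words and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit helpers. The package and property names come from
# the article; function names and sample data are constructed for illustration.
PKG="com.android.engineeringmode"

# stdin: output of `pm list packages --user 0`. Succeeds if PKG is listed for that user.
has_engineer_mode() {
    # adb may emit CRLF line endings; match the whole package name exactly.
    tr -d '\r' | grep -xF "package:${PKG}" > /dev/null
}

# stdin: output of `getprop` ("[key]: [value]" lines). Prints the value of key $1.
prop_value() {
    tr -d '\r' | awk -v k="[$1]:" '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v }'
}

# $1 = package list file, $2 = getprop dump file. Prints one verdict word.
assess() {
    if ! has_engineer_mode < "$1"; then echo "absent"; return 0; fi
    if [ "$(prop_value persist.sys.adbroot < "$2")" = "1" ]; then
        echo "present-adbroot-set"
    else
        echo "present"
    fi
}

# Collects both dumps from a connected device (needs adb and developer options enabled).
audit_device() {
    tmp=$(mktemp -d) || return 1
    adb shell pm list packages --user 0 > "$tmp/pkgs" &&
        adb shell getprop > "$tmp/props" &&
        assess "$tmp/pkgs" "$tmp/props"
    rc=$?; rm -rf "$tmp"; return "$rc"
}

# Constructed sample dumps so the logic can be exercised without a device.
sample_pkgs() { printf 'package:com.android.settings\r\npackage:%s\r\n' "$PKG"; }
sample_props() {
    printf '[persist.sys.adbroot]: [1]\n[oem.selinux.reload_policy]: [1]\n[ro.debuggable]: [0]\n'
}
```

With a device attached, `audit_device` prints the verdict; after the uninstall command above has been applied, it should print "absent".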
If you also find this app on your device, comment below with the vendor and model name.
UPDATE 2!!!! (Statement from OnePlus)
OnePlus has finally responded to this issue and said:
The Engineer Mode app is a factory-purpose testing app; it can enable adb root, which provides privileges for adb commands, and it will not let 3rd-party apps access full root privileges.
Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
They also said that they do not see this as a major security issue.
OnePlus has promised to remove the adb function from the Engineer Mode app in an upcoming OTA update.
After this statement, @fs0c131y (the developer who discovered the issue) also said he would try for malicious activity in the OnePlus app.
We can expect a single-click rooting app for OnePlus that exploits this bug.