etvfutures.com
etvfutures.com November 22, 2017


Your OnePlus Device Is Prone To Hacking

14 November 2017, 11:34 | Brandon Parsons

OnePlus left a backdoor in its devices capable of root access

OnePlus 5 Security

Users have discovered that numerous company's phones from the past few years (including the OnePlus 5) include a Qualcomm testing app, EngineerMode, that lets you get root-level access to the phone without having to unlock its bootloader. Later, Pei confirmed in a blog post that OnePlus it will scale back on data collection on its devices.

Still, the presence of the app brings into question OnePlus' security protocols. This is thanks to a Qualcomm system-side app and OnePlus's decision to leave it in the custody of end users. While that was deliberate, the company is again in the news for another problem with its devices, where a preloaded app can allow users to root their devices through a backdoor, without unlocking the bootloader.

While the vulnerability allows attackers to use the EngineerMode app to fully compromise devices, a mitigating factor is that local access to devices is needed - no remote exploit is available. They are able to gain root if they have a password to bypass privilege escalation checks.

OxygenOS 4.5.1 on the OnePlus 3 and version 4.5.14 on the OnePlus 5 come with the EngineerMode app installed. The user can access manual tests like root status test, Global Positioning System test or the main activity by sending a command.

AWS Sells Chinese Cloud Assets Amid Tightening Regulations
Global firms in China, including Apple Inc, have this year transferred data to Chinese ventures overseen by local authorities. The e-retailer added that it sold its physical assets of AWS to Sinnet in order to comply with the Chinese law.


If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone. While the risk is low since enabling root requires ADB, it still poses a threat to users.

In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server".

Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance.



Other News

Trending Now

Pull your troops out of war-torn Syria, Erdogan tells US, Russia
Putin opened Monday's meeting at Russia's Black Sea resort of Sochi by saying that relations Moscow and Ankara have been "restored practically in full".

Wall Street Analysts Forecast 8.6% on Marathon Oil Corporation (NYSE:MRO)
After $0.60 actual EPS reported by SemGroup Corp for the previous quarter, Wall Street now forecasts -21.67% negative EPS growth. Of the analysts who provided ratings, 14 rated the company a Hold, 2 rated it a Strong Sell, and 7 rated it a Strong Buy.

Russian foreign minister: US-patronaged fighters pose most danger in Syria
Gadi Eisenkot secretly flew to Brussels on Friday where he met with met with the head of the US Army's European Command Gen. Netanyahu said he told Washington and Moscow Monday that Israel will act according to its "security needs".

IOS 11 update brings faster wireless charging
Apple has yet to release its AirPower charging pad; however, there are some third party options that work well with the iPhone. Qi chargers can support 15W of wireless charging, but it's not known whether Apple's iPhone lineup can do the same.

Nintendo Planning Another Super Mario Brothers Movie
Illumination, which is behind the Despicable Me franchise and subsequent spin-offs, declined to comment. Universal Pictures for reaching a deal at Nintendo for an animated Super Mario Bros . movie.

Congress Declares US Military Support of Saudi Arabia in Yemen War Unauthorized
The UN has warned that an already catastrophic humanitarian crisis in Yemen was worsening each day that aid shipments remained blocked.

Luxury and Comfort: Emirates Unveils Design of New First Class Cabin
The Gulf's largest carrier says deliveries will begin in 2022, bringing its total commitment with Boeing to over 200 units. But the suite in the middle also gets its own virtual window that shows the same scenery as the real ones.

Just the Facts on JC Penney Company, Inc. (JCP)
The expected future growth in earnings per share ("EPS") is an incredibly important factor.in identifying an under-valued stock. The transaction was disclosed in a filing with the Securities & Exchange Commission, which is accessible through this link .

Toll in Iran-Iraq natural disaster rises to 530
Meantime, five groups of injured people were transferred to the Iranian capital, Tehran, on Monday to receive further treatments. The head of the elite Revolutionary Guards, Major General Mohammad Ali Jafari, said many older buildings collapsed.

Investors ask trade group if Venezuela sovereign debt is in default
Restrictions include a ban on U.S. entities buying any new Venezuela debt issues - usually a required step in any restructuring. The US has designated vice president El Aissami himself a drug kingpin with whom US entities are barred from dealing.