A pre-installed application leaves users at risk.
OnePlus installs an application called EngineerMode on its phones. The manufacturer uses this application for factory testing. Unfortunately, it leaves a back door in the phone, which puts users at risk.
The vulnerability was found by Elliot Alderson, who shared his findings on Twitter.
— Elliot Alderson (@fs0c131y) November 13, 2017
Alderson discovered that this app could, with the proper password, be used to root the device. With the help of a few others, the password was discovered and root was obtained by running just a few commands. Alderson promised to release an app soon that would enable users to root their phones.
I’m sure there are many in the rooting community that will appreciate this finding and rush to root their phones utilizing this method. But in reality, this should be seen as bad news for most users. Extremely bad news.
This method of root could easily be used in conjunction with a variety of other exploits in a malware attack. As we should all know by now, malware that gains root access to a device allows its creators to do essentially anything they like with the infected device. Anything from stealing information to using the device to carry out tasks without the owner’s knowledge can be done once root access is achieved.
This app has been confirmed to be installed on the OnePlus 3, 3T, and 5, as well as in OxygenOS for the OnePlus One.
OnePlus users need to be very careful with what they choose to install on their phones. Let’s hope that OnePlus does something quickly to protect their users.
source: Android Police