OnePlus 5, OnePlus 3T, OnePlus 3 and even some OnePlus One units are vulnerable to root without the need to unlock the bootloader. This is thanks to a Qualcomm system-side app and OnePlus’s decision to leave it in the custody of end users. And it looks to be an issue on the OnePlus 5T as well.

The story begins with a developer posting under the pseudonym of Elliot Alderson, the name of the central character from “Mr. Robot.”

He was able to find a system app named EngineerMode that is actually a Qualcomm factory app with the ability to toggle components such as the charging chip, GPS, NFC and others — as this app shouldn’t be included in consumer-side ROMs, it’s a target app that malicious actors will want to crack into.

With simple ADB script, users can run the application and dig into a diagnostic activity. They are able to gain root if they have a password to bypass privilege escalation checks.

Through some digging into the the device’s cyrptographic library, research firm NowSecure was able to attain the password “angela” — perhaps a reference to the Angela Moss character in “Mr. Robot.” Furthermore, there was a hint to an “AngelaRoot” mode embedded in the APK itself.

A clue as to the OnePlus backdoor password

The app has been found in previous OnePlus phones with OxygenOS installed — those still on CyanogenOS with the OnePlus One apparently don’t see it.

While the EngineerMode APK can be customized per manufacturer, the so-called “Alderson” also claims to be able to tap into ASUS, Xiaomi and the yet-to-be-released OnePlus 5T.

OnePlus co-founder Carl Pei acknowledged the issue, but the company has yet to fully address the backdoor. Qualcomm has not said anything, either.

You May Also Like

Pocketnow Daily: Apple’s ENTIRE 2020 Line-Up to go ALL OUT on Specs?!(video)

On today’s Pocketnow Daily, we talk about the new 5G enabled iPad Pros from Apple, the new Sony Xperia 1.1, Android 11 teasers and more

Apple could be designing its own antennas for the iPhone 12

Apple could be working on creating its own 5G antennas for the upcoming iPhone 12 lineup and their future devices
OnePlus 7 render

Latest OxygenOS updates include optimized RAM management for OnePlus 7, 7 Pro and 7T Pro

The OnePlus 7, 7 Pro and 7T Pro are starting to receive some of the latest OxygenOS updates and security patches available right now