OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices (bleepingcomputer.com) 73
Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
Comment removed (Score:5, Informative)
Re: (Score:2)
So install a Ukranian bitcoin mining program I guess? That has nothing at all to do with root. Do you even know how any of this works?
These days it only requires browsing a specific web page. No need to install any app.
A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency [slashdot.org]
Re: (Score:1)
I'm sure there is a place for you. somewhere on redit maybe, but slashdot isn't it. Maybe there is a walled guard you might enjoy.
I think I would have more in common with Ukrainian bitcoin miners and would people in that garden and gladly pay extra for a phone 'not designed' to protect you.
Re: (Score:3, Insightful)
Going from the Nexus4 running LineageOS to a Nexus6P, I stopped rooting. Stock Android had become "good enough" for what I wanted and the only thing I was "missing" was arrow keys in the navbar to move the cursor, which you're now able to turn on through ADB.
But yeah, reading the headline I thought it was describing a feature, not a complaint. I was thinking "that sure is convenient that they can just press a 'be rooted' button in an app and not need to use a PC"
Re: (Score:2)
Serious question:
I have an non-rooted Nexus 5 which I've been quite happy with, as it does what I want it to do.
Unfortunately, Google no longer offers security updates for the phone, so I guess that my best option going forward is to root it and install Lineage or some other ROM.
What would be the most straightforward and least painful way of going about it? I understand that backup can be a problem.
Thanks.
Re: (Score:2)
Sure is! Can't wait until every cop who pulls you over clones your entire phone with the backdoor!
Awesome! (Score:5, Insightful)
No longer you have to tinker around and find an app you can install to root your device, now you can root it out of the box, delete the app to root it and you have a rooted device.
And even one where OnePlus cannot complain about you voiding your warranty by rooting it. Because who said you did it and not some malicious actor, using what they themselves handed to him?
Re: (Score:1)
OnePlus don't invalidate warranties for rooting anyway.
Oneplus X (Score:4, Interesting)
I have an X, and I love it. The first thing I did after taking it out of the box was install TWRP and Cyanogen. Currently running LineageOS 14.1. Aside from the so-so camera, this is a great phone.
Re: (Score:2)
Re: (Score:1)
posting AC to protect moderation
Oneplus One here with LineageOS (https://download.lineageos.org/bacon) and except for compass calibration it runs better than it did with original firmware. And I can have current security patch level within a week
Exists on OnePlus 3T (Score:4, Interesting)
This exists on my OnePlus 3T. When listing apps on the phone, there is an option to Show System Apps. You need to turn that on to see EngineerMode.
"Test Root" is one of the many functions it offers from the main screen. I don't see a way to *gain* root without using the adb command.
How is this different than OEM signed apps? (Score:5, Interesting)
Let's get some facts straight:
System apps are (or can easily become) root by design, so they can do a lot of things other apps can't. This is true for ANY OEM ROM since the anals of Android - preloaded apps are signed with developer keys, so they get API and Linux system privileges.
System apps chose to perform anything they want, silently. They don't need to ask permission through UI for stuff like Runtime.exec("su"..., or access protected/secured Android API - they just do it. And even if they don't do it from factory, OEMs like Samsung can just put in place a system-level updater that force app updates (they do this actually with samsung store), and eventually turn system apps into something they originally were not.
Now, Oneplus having an app, a preloaded one at that, which enables third-party apps to have root access is effectively unusual. I am indeed surprised Google sanctioned a ROM with such a feature, because Google does not want typical users circumventing most things Google Play, which can be done with root (common examples are adblocking through hosts files, or changing device properties such as for overclocking) . But then again, this feature is nothing special from a security standpoint. You will still get prompted by the OS whenever an app requests root even after this app turns root on for third-parties.
So, what kind of exploit can be attained from this kind of app in OnePlus devices? Is there anything different than what you could with an app that is signed with dev keys and already has root access? If an actor is managing to trigger root through the EngineeringMode app automagically, he likely also can do similar stuff with system apps that do NOT allow root to thrid-party apps. They are already injecting code or input after all, they can very well go the extra mile and do it all at once. Why bother escalating another app when you're already in control of an escalated process?
Re:How is this different than OEM signed apps? (Score:5, Informative)
I just want to add the fact that before Samsung, Google Play itself updates without user prompt as soon as you get internet. The very first app that was self-updatable, and such an update is unblockable, is Google Play and Google Play Services themselves.
How did we get to this brain-dead state (Score:3)
Re: (Score:2)
Indeed. Maybe my comment read otherwise, but I completely with you. Unfortunately this is becoming standard, and Android is just one example. Windows Home and it's snooping, it's Administrative Templates who nobody really cares about (wasn't regedit enough of a hassle?), it's unblockablae, P2P-based updates that will work on caped networks as long as one PC in the network has the update; Amazon and it's Kindle Fires and their closed stores; Apple...oh Apple; And Cloud services and storage - that is the drea
Re: (Score:2)
I am triple posting just to make one thing very clear: Google, Samsung, and whatever OEM has an app that self-updates or that updates other apps unnatendedly, and most of all, without an opt-out setting, has a backdoor built-in. I'm gonna make it short and bold:
Re: (Score:3)
According to the article this "vulnerability" can only be exploited through adb which pretty much limits it to cases where the attacker already has physical access to the device.
Re: (Score:2)
Which in turn means dev options must be on, for which the OnePlus must be unlocked (screenlock-dismissed) to do so if not already. I'm also assuming it will need to allow the adb-triggering device to be authorized for adb on first prompt, again only doable on an unlocked OnePlus unless the attacker also has the user's PC.
When a phone doesn't have security lockscreens in place, you can assume it's pretty much an open book - most installed apps such as gmail should have been "trusted" by now, and 2-factor aut
I have that option in setrigs (Score:1)
telemetry is dumb (Score:1)
When are we going to find out that this is a.) privacy violation; and b.) just dumb? Even if you can learn things about your users, even if that helps you, how is this better than talking to users? Asking questions? Getting honest feedback? Collecting telemetry is somehow
That isn't all they come with (Score:2)
Writer and Editor are fucking idiots. (Score:4, Insightful)
They want full ownership over their device. Take you sensationalist bullshit and fuck off.
Re: (Score:2)
Actually, as I tried to explain in my comment, they are simply stating something for OnePlus hat actually also happens in any device. Any OEM can potentially covert one of its preloaded apps into a backdoor, or simply force installation of one signed with their keys, which grants them root.
I believe this is called cherry-picking - in this case picking one OEM that does one (supposedly bad) thing, but not actually admiting everyone else can do the exact same...
Every OEM app has root. Every OEM can turn your
Re: (Score:2)
Ownership over their phone! There are some companies that restrict the, "Owner" from owning their phone. One Plus though gives you the power.
Bitching at people for allowing you to control your own phone because someone else might use it makes you a fucking idiot at best.
Re: (Score:2)
User has total file control. User can see it, modify it, delete it.
Re: (Score:2)
Oh my god, you're dumber than I suspected, some might say "almost fanboy"... OnePlus are decent and all, but they're not the 2nd coming of GNU Jesus. They are a for-profit company backed by investors with investor interests, so take a fucking hint. Last time I checked they no longer provide source code on the OS their devices ship with.
Re: (Score:2)
Re: (Score:2)
I love the way I actually agreed with you, yet somehow you're so dumb, some might even say "almost retarded", to actually notice...
If it wasn't clear: I APPRECIATE THE FACT ONEPLUS DOES THIS, AND MORE COMPANIES SHOULD ALLOW ROOT JUST LIKE SONY DID BACK IN 2011 BY JUST CLICKING A LINK. ...All I wanted was to make a fucking point that while OnePlus allows third-party, every other OEM also has the means to do it. In fact, they pretty much do it by preloading self-updater apps on their hardware such as Faceboo
Re: Writer and Editor are fucking idiots. (Score:2)