News: Another Security Concern from OnePlus: Backdoor Root App Comes Preinstalled on Millions of Phones


After recently being in the news for collecting PII (personally identifiable information) for analytics and after-sales support, OnePlus has another security problem. An individual going by the name Elliot Alderson discovered an app in OnePlus devices that can enable root access with one command.

Although we as Android users aspire to root our devices, we are aware of the risk that rooting carries. With an app that simplifies the process, millions of devices are now vulnerable.

Rooting provides system access to Android devices. By accessing the root folder, users can make changes that would otherwise be impossible without this privilege. However, this same privilege could be used by another individual to conduct a particularly nasty attack on your device.

The same level of control that you may use harmlessly can be used to extract PII, listen to conversations, and carry out many other attacks that could harm you financially. With an app simplifying this process, anyone with physical access to your device (or even remote access using malware) can exploit this backdoor.

The app is called EngineerMode and was designed by Qualcomm to perform tests before phones are deployed to the public. OEMs are expected to remove this app once testing is completed because of this vulnerability. The app can perform a number of tests, including diagnosing sensors, checking root status, and providing root access without unlocking the bootloader.

Therein lies the problem: Android has security mechanisms in place to ensure that once a phone's bootloader is unlocked to enable root using traditional methods, all data is automatically wiped. But since this app can grant root without unlocking the bootloader, another app that exploited this backdoor could bypass these security mechanisms and theoretically access all of your existing data.

Elliot Alderson, upon discovering the application, speculated that it could be used to root devices by finding a simple password. The NowSecure Research Team answered the call and learned the password that enables this simple root method on OnePlus devices. To root a device, the DiagEnabled function must be launched from the app. This function has a method called escalatedUp which, when given the correct password, will root devices.

By inputting the following command using ADB, you can root your device:

adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"

Once entered, ADB will disconnect and restart. Once you re-enter ADB, you will find that your device is rooted, with no superuser management tool like SuperSU to dole out root access and, more importantly, to deny root access to certain apps.

Update 1: More Devices Found with EngineerMode

It looks like this application has been discovered on other devices. Since it's a Qualcomm application, any device using a Qualcomm SoC could potentially still have this APK installed.

According to Alderson, devices from Xiaomi, Motorola, and ASUS have been found with this app on consumer models. To see if the app is on your device, navigate to the "Apps" menu in Settings, then tap the three-dot menu button in the upper-right corner (or along the bottom of the screen) and select "Show System processes." From there, if you see an app called "EngineerMode," your device is vulnerable to this exploit.

OnePlus's Carl Pei has replied to Elliot Alderson, stating "Thanks for the heads up, we're looking into it," indicating a future update will remove this system app. Hopefully, a complete list of affected devices will emerge so other OEMs will also send out a fix.

In the meantime, according to Alderson, the upcoming OnePlus 5T will have the same app preinstalled. Hopefully, OnePlus can get to the bottom of this soon.

Update 2: OnePlus Responds

Well, that was fast. OnePlus staff member OmegaHsu posted on the OnePlus forum Monday night addressing the issue. In the post, OmegaHsu explains that, although EngineerMode can potentially root the device via ADB commands, third parties cannot trigger the exploit to acquire root privileges. An app cannot send ADB commands from within Android, so EngineerMode theoretically shouldn't be susceptible to malware attacks like the recently discovered Toast Overlay bug. The process would also need USB debugging to be enabled in the phone's settings, which is disabled by default and would require physical access to enable.

OmegaHsu further explains that, due to customer concern, ADB root commands will be removed from EngineerMode in a coming OTA, although the company does not see ADB root as a security threat.

So, what do you think? With the OnePlus 5T being announced in a few days, does this latest security problem make you reconsider the device? Let us know in the comments below. Stay tuned to Gadget Hacks for more updates on this story.
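
A fleet-side version of the checks described in the two updates above, as an added example that is not from the article or from OnePlus: it parses captured output of `adb shell pm list packages -f`, `adb shell settings get global adb_enabled` and `adb shell id` to report whether EngineerMode is present and whether USB debugging, the precondition OnePlus cites, is on. The package name comes from the article's ADB command; the choice of the other two commands and the sample output are assumptions constructed for illustration.

```python
# Added example: audit captured adb output for the EngineerMode exposure.
# Inputs come from these standard commands run against a device you manage:
#   adb shell pm list packages -f
#   adb shell settings get global adb_enabled
#   adb shell id
import re

# Package name taken from the component in the article's adb command.
ENGINEER_MODE_PKG = "com.android.engineeringmode"

def parse_packages(pm_output):
    """Map package name -> APK path from `pm list packages [-f]` output."""
    packages = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # With -f the format is package:<apk path>=<name>; the path may contain '='.
        path, _, name = line[len("package:"):].rpartition("=")
        packages[name] = path  # path is "" when -f was not used
    return packages

def assess(pm_output, adb_enabled, id_output):
    """Return findings for one device as a dict."""
    apk = parse_packages(pm_output).get(ENGINEER_MODE_PKG)
    uid = re.search(r"uid=(\d+)", id_output)
    findings = {
        "engineermode_present": apk is not None,
        "apk_path": apk,
        # A system-partition path means the app shipped with the firmware.
        "preinstalled": bool(apk) and apk.startswith(("/system/", "/vendor/", "/product/")),
        "usb_debugging_on": adb_enabled.strip() == "1",
        # uid 0 on a stock build means the adb shell already runs as root.
        "adb_shell_is_root": bool(uid) and uid.group(1) == "0",
    }
    # Exposed = the app is there and the precondition OnePlus names is met.
    findings["exposed"] = findings["engineermode_present"] and findings["usb_debugging_on"]
    return findings

# Constructed sample output (not captured from a real device).
SAMPLE_PM = """\
package:/system/app/EngineeringMode/EngineeringMode.apk=com.android.engineeringmode
package:/data/app/com.example.notes-1/base.apk=com.example.notes
"""
SAMPLE_ID = "uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input)"

if __name__ == "__main__":
    for key, value in assess(SAMPLE_PM, "1\n", SAMPLE_ID).items():
        print(f"{key}: {value}")
```

A device that reports `adb_shell_is_root` as true on a stock build deserves a closer look regardless of the other fields, since the article notes that no superuser manager is left in place to gate root access.
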
Cover image and screenshots by Jennifer Welsh/Gadget Hacks


