www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
OnePlus left a backdoor in its devices with root access
By Thom Holwerda on 2017-11-14 10:37:35

Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.

People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones. Recent events, however, have made it very clear that you should really steer clear of phones like this, unless you know very well what you're doing.

 Email a friend - Printer friendly - Related stories
.
Post a new comment
.
accident?
By Risthel on 2017-11-14 10:49:48
And at the xda-developers news section, they published as "accidentally pre-installed app issue". Jesus. Some people like to believe that wrong actions done by phone makers are by accident...
Permalink - Score: 1
.
Comment by sj87
By sj87 on 2017-11-14 12:37:38
Rooting doesn't make any device insecure. It requires an actual vulnerability in order to be abused.
Permalink - Score: 3
.
RE: Comment by sj87
By ahferroin7 on 2017-11-14 13:28:56
No, being able to get root access as a non-privileged user does make a device insecure, as at that point you can do pretty much anything you want with the system, you don't need some other exploit to be able to trivially brick the device, or force a factory reset, or steal data off of it (although the last is not as easy now that most good Android phones come with encryption enabled by default).
Permalink - Score: 5
.
need to be addressed
By mmrezaie on 2017-11-14 13:32:45
Chinese and Asian companies really need to address this questionable stuff pretty soon to not fall into the trap of by default being assumed not being secure and full of backdoors. They could be good alternatives but not like this ever.

p.s. not that Intel ME and the rest are letting us feel secure at all but at least with the Intel stuff we do not have any other option.
Permalink - Score: 3
.
OnePlus Vulnerability
By loadedmind on 2017-11-14 14:35:32
The fix is actually quite easy. Yeah, ok, they poo-poo'ed the phone and didn't tell anyone before they released it, but it's really not that big of a deal to resolve it.
Permalink - Score: 1
.
RE: need to be addressed
By unclefester on 2017-11-15 08:41:10
> Chinese and Asian companies really need to address this questionable stuff pretty soon to not fall into the trap of by default being assumed not being secure and full of backdoors. They could be good alternatives but not like this ever.

p.s. not that Intel ME and the rest are letting us feel secure at all but at least with the Intel stuff we do not have any other option.


All devices have backdoors.

I prefer the Chinese spying on me than the NSA.
Permalink - Score: 2
.
Not a backdoor
By Carewolf on 2017-11-15 14:26:44
A backdoor is a way for someone else to get in. This is just an undocumented 1stparty root tool for the owner of the phone.
Permalink - Score: 2
.
affordable, high-quality phones.
By klahjn on 2017-11-15 19:46:11
Wish they were affordable to me.

:)
Permalink - Score: 1
.
RE: OnePlus Vulnerability
By jonathan2260 on 2017-11-15 20:52:14
Really? Not that hard to fix? Are you actually thinking of the majority who aren't tech savvy like old folks who can barely dial on their phones and those who neither have the time or interest to read articles warning them of this issue or are you thinking of only yourself and the few like you that know what to do about it? I think you're misunderstanding the problem.
Permalink - Score: 2
.
RE[2]: OnePlus Vulnerability
By Gecko on 2017-11-16 07:17:56
First of all, this is not a "backdoor". OSNews is spreading FUD here and using click-bait articles to get more ad-revenue. The headline and assessment is completely inaccurate here. Never thought OSNews would sink to such a low level...
In reality, this thing is much less dangerous: while it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.

Edited 2017-11-16 07:20 UTC
Permalink - Score: 3

Post a new comment
Username

Password

Title

Your comment

If you do not have an account, please use a desktop browser to create one.
LEAVE SPACES around URLs to autoparse. No more than 8,000 characters are allowed. The only HTML/UBB tags allowed are bold & italics.
Submission of a comment on OSNews implies that you have acknowledged and fully agreed with THESE TERMS.
.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?