large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

OnePlus left a backdoor in Oxygen OS that hackers could exploit – report

Mere days ahead of the OnePlus 5T launch and OnePlus has been accused of inadvertent installing a backdoor into its phones which hackers could exploit to seize control of affected phones.

Cyber security enthusiast and likely Mr Robot fan, Twitter user ‘Elliot Alderson’ spotted the backdoor in OnePlus’ Oxygen OS, which according to XDA Developers, is a diagnostic testing tool supplied by Qualcomm which OnePlus appears to have accidentally left in place on its OnePlus 5, OnePlus 3 and OnePlus 3T handsets.

Dubbed ‘EngineerMode’ the tool has been designed as an easy way for phone makers to test the hardware on their devices. But Elliot Alderson found that the tool could be exploited by hackers to gain root access to a device, essentially gaining backdoor access into it where they could then take over the phone.

The existence of the EngineerMode tool is nothing particularly new, but for a while people didn’t know what it could be used for. However, through decompiling the tool, it now appears to pose a security risk to affected OnePlus handsets.

The main risk is that affected phones can be rooted without needing access to a bootloader which is a security problem if a person’s OnePlus phone falls into nefarious hands.

OnePlus have yet to officially respond to the problem, and the company will no doubt be expected to push out a patch to plug the security hole. But it also serves as a warning to OnePlus to be particularly careful with the software it leaves on its future phones after they roll off the production line.

Related: Best Black Friday deals

Have you encountered any nasty hidden tools on your Android phone? If so, let us know on Twitter or Facebook.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.