large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

As OnePlus 5T gets ready to launch, another major security flaw discovered

It’s not been a good week for OnePlus, as after dismissing one potential security backdoor in its devices, yet another has cropped up.

The new issue is both a security and privacy one taking the from of the OnePlusLogKit, which unsurprisingly logs data about users and how they are interacting with OnePlus handsets using the pre-installed app.

The app was discovered by a security researcher going by the name of Elliot Alderson, who posted his findings on Twitter in the same fashion as when he discovered the EngineerMode tool earlier this week that leaves a potential if difficult to exploit backdoor in some OnePlus phones.

He noted that OnePlusLogKit collects data on a handset’s NFC, Bluetooth, GPS, and Wi-Fi use among other sets of data, which could give OnePlus a fairly decent picture on how individuals are using its phones.

Such tools are used as ways to discover problems in handsets when faulty devices are returned, but having OnePlusLogKit left on functional phones seems odd and pointless, while the by-default data collection without a user’s knowledge is a breach of privacy.

And it’s also a security risk as Elliot Alderson told BeepingComputer that hackers could access the logging tool either by physically entering in ‘#800#’ into the phone via its dial pad or using malware to remotely enable access to the data logging and collection. From there they can harvest information and use it for their own nefarious purposes.

We contacted OnePlus for comment on the issue, but they did not respond at the time of writing.

All this comes ahead of the OnePlus 5T launch, potentially souring the reception of a handset that could really challenge flagship phones from the likes of Samsung and Apple.

Related: Best Black Friday deals

Does OnePlus need to reconsider the tools its uses for diagnostics? Have your say on Twitter or Facebook.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.