OnePlus is not doing itself any favours with the security community. A developer poking around one of its phones discovered an app designed for factory testing, but could also be reverse engineered to provide root access to the device.
The app in question is clearly labelled EngineerMode, and is meant to allow factory workers to determine if the phone is working before its packaged. On the surface, it runs several diagnostics and automated tests. However, launching the “DiagEnabled” function in the APK also provides full root access; provided one has the password.
This password was easily discovered by security company NowSecure, which answered a call for help in cracking the code. It turns out that the information was stored in a SHA256 hash and could be reversed by simply using a Google search.
On its own, this small toolkit could be used by developers to root OnePlus devices without having to unlock the phone. However, it could also be used by cybercriminals and hackers to gain control over the phone. Especially combined with other vulnerabilities.
OnePlus, for its part, has issued a statement clarifying the matter. According to the company, the APK will not allow third party apps to have root access; and that the adb root can only be accessible through USB debugging. Something that is turned off by default. However, the company has said that it will be removing Engineering Mode from existing OnePlus devices with an upcoming OTA update.