Many mobile devices manufactured under the OnePlus brand by China’s BBK Electronics are vulnerable to compromise via a factory-installed app called EngineerMode that acts as a backdoor providing root access to affected devices.
A factory app is an app that is developed and pre-installed by mobile carriers and OEMS.
At this time, the exploit is beneficial to an attacker with physical access to a OnePlus device or an owner who intends to by-pass security limitation set by OnePlus in order to have privilege access.
OnePlus develops its own customized version of the Android operating system, called OxygenOS, for their branded devices. OnePlus mistakenly left a diagnostic app, EngineerMode to test the production build of the OxygenOS operating system.
Unfortunately, OnePlus left behind system-signed .apk and a native library with a SHA256 hash of the password that was easily reversed.
Since the incident of OnePlus Root Exploit, our security engineers came together and outlined five practical lessons mobile users could take heed from in order to protect themselves from mobile vulnerabilites and root exploits.
Original Equipment Manufacturer is abbreviated as OEM. An Original Equipment Manufacturer is a company that produces parts and equipment that may be marketed by another manufacturer. A mobile carrier is a service provider that supplies connectivity services to mobile phone and tablet subscribers.
Effective mobile anti-virus solution make it difficult for hidden malware apps to escalate their malicious motives. However, mobile anti-virus solution is not a complete solution to malware eradication
#ISA_informs
#ISA_ltd
Sign up our newsletter for update information, insight and promotion.
