Many mobile devices manufactured under the OnePlus brand by China’s BBK Electronics are vulnerable to compromise via a factory-installed app called EngineerMode that acts as a backdoor providing root access to affected devices.

A factory app is an app that is developed and pre-installed by mobile carriers and OEMs.

At this time, the exploit is beneficial to an attacker with physical access to a OnePlus device, or to an owner who intends to bypass the security limitations set by OnePlus in order to gain privileged access.

OnePlus develops its own customized version of the Android operating system, called OxygenOS, for its branded devices. OnePlus mistakenly left in place EngineerMode, a diagnostic app used to test the production build of the OxygenOS operating system.

Unfortunately, OnePlus left behind a system-signed .apk and a native library containing a SHA256 hash of the password, which was easily reversed.

Since the OnePlus root exploit incident, our security engineers came together and outlined five practical lessons mobile users can heed to protect themselves from mobile vulnerabilities and root exploits.

  • Don’t trust OEMs or mobile device carriers. Hire an Android security researcher to assess your device if you can afford it.

Original Equipment Manufacturer is abbreviated as OEM. An Original Equipment Manufacturer is a company that produces parts and equipment that may be marketed by another manufacturer. A mobile carrier is a service provider that supplies connectivity services to mobile phone and tablet subscribers.

  • Avoid side-loading mobile applications, and be extra careful when downloading apps from the Google Play Store.
  • Always have an effective mobile anti-virus solution installed on your mobile device.

An effective mobile anti-virus solution makes it difficult for hidden malware apps to carry out their malicious motives. However, a mobile anti-virus solution is not a complete solution to malware eradication.

  • For Android users, uncheck “install from other or unknown sources” via the device administration settings.
  • Finally, hope that none of the pre-installed applications on your device has a backdoor embedded.
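
Rather than only hoping, an owner can list what is pre-installed and review anything that looks like leftover factory tooling. The script below is an added example, not code from OnePlus or from this article: it parses output in the format printed by `adb shell pm list packages -f` and flags pre-installed packages whose name or path matches a keyword list. The keyword list, the partition list and every package name in the sample are assumptions constructed for illustration.

```python
import re

# Heuristic keywords (an assumption of this example, not an official list).
SUSPECT = re.compile(r"engineer|factory|diag|fieldtest|hwtest", re.I)
# Partitions that hold pre-installed (factory) apps on Android.
PREINSTALLED_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/", "/oem/")

def parse_pm_line(line):
    """Parse one 'package:<apk path>=<package name>' line, or return None."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    body = line[len("package:"):]
    # Split on the LAST '=': newer Android puts '=' inside /data/app paths.
    path, sep, name = body.rpartition("=")
    if not sep or not path or not name:
        return None
    return path, name

def audit(pm_output):
    """Return sorted (package, path) pairs for pre-installed apps matching SUSPECT."""
    hits = []
    for line in pm_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None:
            continue  # skip blank or malformed lines
        path, name = parsed
        if path.startswith(PREINSTALLED_PREFIXES) and SUSPECT.search(name + " " + path):
            hits.append((name, path))
    return sorted(hits)

# Constructed sample output; package names are made up for illustration.
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/EngineerTool/EngineerTool.apk=com.example.oem.engineertool
package:/data/app/~~Ab3d==/com.example.diagviewer-Zz9==/base.apk=com.example.diagviewer
package:/product/app/FactoryTest/FactoryTest.apk=com.example.oem.factorytest
garbage line without prefix
"""

if __name__ == "__main__":
    for name, path in audit(SAMPLE):
        print(f"review: {name}  ({path})")
```

A match is only a prompt for manual review; a keyword hit does not show that an app is a backdoor, and a clean result does not show that none exists.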

#ISA_informs

#ISA_ltd