In an astonishing bit of a security mishap, OnePlus was discovered to have unintentionally left a backdoor in its phones. The backdoor can provide easy root-level access without having to open the bootloader.
The list of affected phones includes the recent OnePlus 5, though older phones are affected too. The exploit was found by mobile security researcher Robert Baptiste, also known as Elliot Alderson.
Need Physical Access to Phone
The only saving grace here is the fact that the hacker needs to physically get their hands on your phone in order to use this backdoor. Qualcomm has a testing app called Engineer Mode which can allow changes to be made via the backdoor. Before that, USB debugging needs to be toggled on, which is kept off by default.
Still, after getting hands on your phone, very little is required to track the phone and steal valuable data. It practically opens access to anything found within the operating system of the phone. Baptiste isn’t closing down the rumors of certain apps getting access to the backdoor, either.
“While we don’t see this as a major security issue, we understand that users may still have concerns.” OnePlus said in a statement.
Fix Coming Soon
OnePlus is reportedly fixing the issue, which should happen whenever the next update hits the phones. The Engineering Mode might be going away soon, or might have its access level reduced through the app.
It is far from the first security-related issue OnePlus users have faced; recently the company was found to be collecting large amounts of data from its users. Both issues will damage OnePlus’s image in the eyes of security conscious people and OnePlus users in general.