The OnePlus Saga Continues…
Just a day after the revelation of the hidden Android rooting backdoor pre-installed on most OnePlus smartphones, a security researcher just found another secret app that records tons of information about your phone.
Dubbed OnePlusLogKit, the second pre-installed has been discovered by the same Twitter user who goes by the pseudonym "Elliot Alderson" and discovered the controversial "EngineerMode" diagnostic testing application that could be used to root OnePlus devices without unlocking the bootloader.
OnePlusLogKit is a system-level application that is capable of capturing a multitude of things from OnePlus smartphones, including:
- Wi-Fi, NFC, Bluetooth, and GPS location logs,
- Modem signal and data logs, hot and power issue logs,
- list of the running processes, list of running service and battery status,
- media databases, including all your videos and images saved on the device.
Unlike EngineerMode (which was found on devices by several manufacturers including HTC, Samsung, LG, Sony, Huawei, and Motorola), the OnePlusLogKit application (decompiled APK) most certainly is present only in OnePlus devices.
Since OnePlusLogKit is disabled by default, the attacker would require access to the victim's smartphone to enable it.
With the physical access to the targeted smartphone, one can quickly enable it by dialing *#800# → "oneplus Logkit" → enable “save log,” or one can use social engineering to get the owner of the device to do it themselves.
Once enabled, any other application installed on your device can collect the logged information (stored unencrypted in the /sdcard/oem_log/ folder) remotely without requiring user interaction.
Although the app in question has been designed for device manufacturers and engineers to log the events/activities to diagnose system issues, the amount of information collected here could also be used for nefarious purposes.
OnePlus has yet to comment on this latest issue, while the Chinese company did not see the previous EngineerMode diagnostic tool as a major security issue, although it promised to remove the adb root function in the upcoming OxygenOS update.
"While it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges," the OnePlus spokesperson said in a statement.
"Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device."
Qualcomm, who was believed to be the creator of the EngineerMode APK, also responded to allegations, saying that there are traces of source code from their original app, but the current APK found on devices from various manufacturers has been modified by someone else.
"After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm," Qualcomm claims.
"Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided."
Meanwhile, another security researcher has released an Android application to root OnePlus phones quickly by using the backdoor discovered in EngineerMode.