Just one month after the Chinese manufacturer of OnePlus smartphones was convicted of collecting personally identifiable user data, a developer working under the pseudonym Elliot Alderson discovered a backdoor present on almost all OxygenOS-based OnePlus devices. The backdoor grants superuser access to the smartphone even when the bootloader is locked.
According to the developer, OnePlus deliberately left a "loophole" on their smartphones.
The backdoor is the EngineerMode application, a diagnostic tool developed by Qualcomm for device manufacturers and used for factory testing. It turned out to be preinstalled on most OnePlus smartphones, including the OnePlus 2, 3, 3T and 5. OnePlus owners can check whether EngineerMode.apk is present on their device by opening "Settings" -> "System Applications".
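The check described above can also be scripted over USB debugging. The script below is an added example and not part of the original article or of any OnePlus tooling: it looks for the EngineerMode package either in a connected device's `pm list packages` output or in a saved listing. The package name `com.android.engineermode` is taken from public reports of this issue and is not named in the article; the sample listing is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original article): report whether the EngineerMode
# diagnostic app is installed. Package name is assumed from public reports.
ENGINEERMODE_PKG="com.android.engineermode"

# engineermode_in_listing LISTING
#   LISTING is the text of "pm list packages" (lines like "package:com.foo").
#   Strips stray CRs that older adb versions emit, prints the matching line and
#   returns 0 if the package is present, 1 otherwise.
engineermode_in_listing() {
    printf '%s\n' "$1" | tr -d '\r' | grep -x "package:${ENGINEERMODE_PKG}"
}

# engineermode_on_device
#   Same check against the first device visible to adb (USB debugging enabled).
engineermode_on_device() {
    engineermode_in_listing "$(adb shell pm list packages)"
}

# Constructed sample listing for an offline run; not real device output.
SAMPLE_LISTING="package:com.android.settings
package:com.android.engineermode
package:net.oneplus.launcher"

if engineermode_in_listing "$SAMPLE_LISTING" >/dev/null; then
    echo "EngineerMode is installed on this device"
else
    echo "EngineerMode not found"
fi
```

Run `engineermode_on_device` instead of the sample block to audit a real phone; a hit means the device carries the diagnostic app the article describes, and the article's own advice (disable superuser access until OnePlus ships a fix) applies.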
After decompiling EngineerMode.apk, Elliot Alderson found the DiagEnabled feature which, when given a special password (Angela), grants full access to the smartphone without unlocking the bootloader. With superuser rights, an attacker can perform a wide range of actions on the device, including installing sophisticated spyware.
According to OnePlus co-founder Carl Pei, the company is currently investigating the issue. To prevent exploitation of this vulnerability, users are advised to disable superuser access on the smartphone.