Awesome! Thanks to @insitusec and the @NowSecureMobile team, we have the password! It's now possible to root an @Oneplus device with a simple intentpic.twitter.com/gN0awYijBv
French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
Awesome! Thanks to @insitusec and the @NowSecureMobile team, we have the password! It's now possible to root an @Oneplus device with a simple intentpic.twitter.com/gN0awYijBv
I will publish an application on the PlayStore to root your @OnePlus device in the next hours
Difficulty to install #SuperSu: 0! Everything is already preinstalled
.
The OnePlus root application is coming soon :)
Nice report @AndroidPolicehttp://www.androidpolice.com/2017/11/13/oneplus-left-backdoor-devices-capable-root-access/ …
Hey, just to clarify: the @AndroidPolice article states that apps can easily exploit this to grant root access. However, from what I can tell only the ADB shell process is given root so apps can't do anything with this.
Yes you're right. SuperSu is needed to give root access to apps
So that means this wording is incorrect? "This also means that it's possible for any Android app to achieve root using this method, which opens up OP devices to massive security issues."
Yes. An app can use this attack for example https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions …, send the "magic" intent and so allow adb root. From now, that's all
But granting ADB root still means that the exploiter needs ADB access in the first place, right? So it's not like a random app can exploit this then wreck havoc with root access—only someone with physical ADB access.
Yes you're right. However there are other implications. When the "magic intent" is executed it set the system property oem.selinux.reload_policy to 1. There is also an "engineer mode" which correspond to persist.sys.adb.engineermode
So for now, it too early to speak about a random app getting root access but we are on the good tracks
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.