Nice report @AndroidPolicehttp://www.androidpolice.com/2017/11/13/oneplus-left-backdoor-devices-capable-root-access/ …
-
-
Hey, just to clarify: the
@AndroidPolice article states that apps can easily exploit this to grant root access. However, from what I can tell only the ADB shell process is given root so apps can't do anything with this.1 reply 1 retweet 2 likes -
Replying to @MishaalRahman @oneplus and
Yes you're right. SuperSu is needed to give root access to apps
1 reply 0 retweets 2 likes -
So that means this wording is incorrect? "This also means that it's possible for any Android app to achieve root using this method, which opens up OP devices to massive security issues."
1 reply 0 retweets 0 likes -
Replying to @MishaalRahman @oneplus and
Yes. An app can use this attack for example https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions …, send the "magic" intent and so allow adb root. From now, that's all
1 reply 1 retweet 1 like -
But granting ADB root still means that the exploiter needs ADB access in the first place, right? So it's not like a random app can exploit this then wreck havoc with root access—only someone with physical ADB access.
1 reply 0 retweets 0 likes -
Replying to @MishaalRahman @oneplus and
Yes you're right. However there are other implications. When the "magic intent" is executed it set the system property oem.selinux.reload_policy to 1. There is also an "engineer mode" which correspond to persist.sys.adb.engineermode
4 replies 0 retweets 1 like -
Thanks for clarifying. I'm not really sure what those other sys properties could be used for, but it's definitely worth looking into!
1 reply 0 retweets 1 like -
-
By the way, we just wrote on it here: https://www.xda-developers.com/oneplus-root-access-backdoor/ … Good work on the discovery, hope there's more to come!
1 reply 0 retweets 3 likes
Thanks! I'm pretty sure there is more
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.