Malc0de CyberNet
Fulfill your daily dose of Security & Tech News.

Pre-installed App on OnePlus devices Collects System logs

OnePlus users face security dilemma yet again as debug app left behind is found to collect system stats.


OnePlus seems to be on a bad run of security incidents recently.

The company was first caught collecting extensive user data and leaving behind a backdoor allowing root access. Soon after the revelation of this pre-installed backdoor, another “secret” app has been unearthed that records substantial phone logs.

OnePlusLogKit, another pre-installed system-level debug application, can capture system stats and information, and stores them in an unencrypted log file.

Behind the discovery is a Twitter user going by the name “Elliot Alderson” (incidentally the main character of the drama–thriller TV series Mr. Robot), who also discovered the EngineerMode backdoor. The researcher made all of the decompiled source code available on GitHub, encouraging others to hunt for anything interesting.

OnePlusLogKit

Once enabled, OnePlusLogKit is capable of capturing a multitude of things from OnePlus devices, including:
  • Wi-Fi, NFC, Bluetooth, and GPS location logs,
  • Modem signal and data logs, hot and power issue logs,
  • a list of the currently running processes, services and battery status,
  • media databases, including personal videos and images saved on the device.
OnePlusLogKit is disabled by default, and activating it requires physical access to the device. One can enable it by simply dialing *#800# → “oneplus Logkit” → enable “save log”. Attackers can use social engineering to get the owner of the device to do it themselves. Alternatively, one can also send the intent:
adb shell am start -n com.oem.oemlogkit/.OneClickLogKitMainActivity
Once activated, the logs are stored unencrypted in /sdcard/oem_log/. This means that any installed app that has READ_EXTERNAL_STORAGE permission granted can read these files.
This poses some serious security issues. The app was designed for device manufacturers and engineers to log events and activities in order to diagnose system issues. However, with this astounding amount of data collection, it makes little sense to intentionally leave such debug apps on devices by default.
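
A device owner or fleet administrator can check for this exposure over adb. The script below is an added example, not code from the researcher or from OnePlus: the package name and log directory come from this article, while the function names, the `--live` switch and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether OnePlusLogKit is installed and has left logs behind.
PKG="com.oem.oemlogkit"     # package name from the adb command in this article
LOG_DIR="/sdcard/oem_log"   # unencrypted log directory named in this article

# Constructed sample listings (not captured from a real device).
SAMPLE_PKGS='package:com.android.settings
package:com.oem.oemlogkit
package:com.android.phone'
SAMPLE_LS='example_log_1
example_log_2'

# logkit_installed LISTING: succeed if `pm list packages` output names PKG exactly.
# Carriage returns are stripped because older adb versions emit CRLF line endings.
logkit_installed() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Fqx "package:$PKG"
}

# count_entries LISTING: number of entries in an `ls -1` listing of LOG_DIR.
# An "ls: ... No such file or directory" line (older adb merges stderr) is ignored.
count_entries() {
    printf '%s\n' "$1" | tr -d '\r' | grep -v 'No such file or directory' \
        | grep -c '[^[:space:]]' || true
}

# assess PKG_LISTING DIR_LISTING: print one verdict.
assess() {
    n=$(count_entries "$2")
    if [ "$n" -gt 0 ]; then
        # Files here are readable by any app holding READ_EXTERNAL_STORAGE.
        echo "logs-exposed:$n"
    elif logkit_installed "$1"; then
        echo "installed-no-logs"
    else
        echo "not-installed"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Query the attached device; requires adb and USB debugging.
    assess "$(adb shell pm list packages 2>/dev/null)" \
           "$(adb shell ls -1 "$LOG_DIR" 2>/dev/null)"
else
    assess "$SAMPLE_PKGS" "$SAMPLE_LS"   # offline run on the constructed sample
fi
```

A `logs-exposed` verdict means the files in /sdcard/oem_log/ should be reviewed and deleted, and the “save log” option switched off.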

 

Unlike EngineerMode, which was found on other devices including HTC, Samsung, LG, Sony, Huawei, and Motorola, the OnePlusLogKit application appears only on OnePlus devices.
OnePlus has yet to comment officially on this latest issue. Previously, in response to the EngineerMode issue, the company promised to remove the adb root function in upcoming OxygenOS updates, waving off any potential threat.

 

Since the app is system-level, it is possible for users to root their phone and remove the app. Rooting your OnePlus phone is now as simple as installing an app, AngelaRoot, and following the instructions on GitHub.

Moreover, OnePlusLogKit should not be a widespread threat, as it requires an attacker to physically access the device to activate it.

Besides these two factory apps left on OnePlus devices, the company was also accused of collecting user telemetry without anonymizing data, an issue that could allow OnePlus to track individual users. Cyber-security firm Aleph Research also discovered that some OnePlus devices are vulnerable to OS downgrade attacks, allowing attackers to roll back OnePlus operating systems to previous vulnerable versions.