*** DONE OnePlus 5: OxygenOS 5.0.1 OTA Update to Android 8 Re-Introduces the Backdoor :blog:mobile:phones:software:security: CLOSED: [2018-01-14 Sun 12:42] :PROPERTIES: :ID: 2018-01-14-OxygenOS-Backdoor :CREATED: [2018-01-14 Sun 12:29] :END: :LOGBOOK: - State "DONE" from "DONE" [2018-01-27 Sat 12:17] - State "DONE" from "NEXT" [2018-01-14 Sun 12:42] :END: Update 2018-01-27: Evidence for theft of data through clipboard A couple of monts ago, [[id:2017-09-14-OnePlus5][I wrote about my OnePlus 5 mobile]] which had a backdoor pre-installed. It was covered in tech media and people had to manually remove the backdoor software themselves. Yesterday, I installed the [[https://en.wikipedia.org/wiki/Over-the-air_programming][OTA-update]] which brought [[https://en.wikipedia.org/wiki/Android_Oreo][Android 8]] to my OnePlus 5 [[https://en.wikipedia.org/wiki/OxygenOS][OxygenOS]]. Fun thing: after downloading the 1.6GB update and starting the update process, my usually really stable WiFi router had an issue. This resulted in a non-functioning WiFi. Right after the first boot with OxygenOS 5.0.1 I had no WiFi connection. Unfortunately, I thought this is related to the update. However, it could be resolved by a router reboot. #+CAPTION: Screenshot from my Mastodon account. #+ATTR_HTML: :alt I just deleted my message on how the #OnePlus5 #OxygenOS 5.0.1 OTA update broke the WiFi. Truth is that during the upgrade(!), my WiFi router developed an issue 😒 which was resolved by a router reboot. 😎 Sorry #OnePlus! #coincidence #+ATTR_HTML: :align center :width 627 [[tsfile:2018-01-14T10.29 mastodon.social - I just deleted my OnePlus5 OTA upgrade toot -- publicvoit screenshots.png][https://mastodon.social/@publicvoit/99347476064841251]] Otherwise, the update went fine. However, [[https://androidandme.com/2018/01/news/oneplus-3-and-3t-now-receiving-update-to-oxygenos-5-0-1/][I had to read that the backdoor I was mentioning before returned with a different app name]]. According to the article, EngineerMode is now called FactoryMode. I had to disable the backdoor using [[id:2017-09-14-OnePlus5][the =adb= method]] again. In my case, the =idProduct= identifier changed with the update. This might apply to your side as well. **** Theft of Secrets through Clipboard :PROPERTIES: :END: There is evidence that the pre-installed software steals things like bank account numbers from your clipboard: #+CAPTION: Tweet by fs0c131y with link to https://pastebin.com/kfvJWKJB #+ATTR_HTML: :alt The @OnePlus #clipboard app contains a strange file called badword.txt 🤔 In these words, we can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ... #+ATTR_HTML: :align center :width 585 [[tsfile:2018-01-25T21.44 Twitter.com - fs0c131y - The OnePlus clipboard app contains a strange file called badword.txt -- screenshots publicvoit.png][https://twitter.com/fs0c131y/status/956628910308982785]] If this is true, OnePlus is totally dead to me.