#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

OnePlus Three | Breaking Cybersecurity News | The Hacker News

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader
Nov 14, 2017
Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" ( named after Mr. Robot's main character ), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. The application in question is " EngineerMode ," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device. This APK comes pre-installed ( accidentally left behind ) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5. You can also check if this application is installed on your OnePlus device or not. For this, simply go t

All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws

All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws
May 11, 2017
There is a bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). Damn, I am feeling bad, I myself use OnePlus. One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device's operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. What's even worse? The other two vulnerabilities also allow an MitM attacker to replace any version of OxygenOS with HydrogenOS (or vice versa), as well as to replace the operating system with a completely different malicious ROM loaded with spying apps. The vulnerabilities have been discovered by Roee Hay of Aleph Research, HCL

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources