OnePlus 6 vulnerability: bootloader protection can be bypassed

0
351

After months of anticipation, the OnePlus 6, OnePlus’ fifth-gen flagship smartphone, has officially entered the market. It is one popular subject because the company has always been confident in its quality. OnePlus does follow the “Never Settle” motto and since 2013, it’s been showing the industry how to market products. Well, it’s very eager and aggressive but to be honest, we don’t really know how many phones have been sold to date. From OnePlus One to OnePlus 2 then OnePlus 3, OnePlus 5, and now OnePlus 6, the Chinese OEM is still struggling although it has already made its mark in some key markets.

The OnePlus 6 has only begun shipping as pre-orders have been placed since last month. Those who already received their units have started to report their experiences. Some are positive while there are those who are unfortunately seeing some issues. There is the concept of face unlocking spoofing and the absence of the Always On Display feature. We still believe the OnePlus 6 stands out from other 2018 flagships for several reasons but it cannot escape the curious minds of the security researchers.

Aside from various hacks and unofficial builds being developed to run on the OnePlus 6, the phone is also being checked for possible security loopholes. Edge Security LLC’s president Jason Donenfeld who happened to be a member and recognized developer at XDA discovered one particular vulnerability. He discovered it is possible to boot an arbitrary modified image that could bypass bootloader protection measures. This means the OnePlus 6 can be accessed by any hacker who has a computer and Internet connection.

Once your phone is accessed, the attacker can do anything and exploit your phone. It’s more dangerous if boot image is modified with insecure ADB and ADB as root by default. There is no need for USB Debugging to exploit this vulnerability.

Donenfeld already reported the problem to OnePlus which has been acknowledged already. OnePlus’ security team is already looking into the vulnerability. Hopefully, a patch will be ready soon.

Here is the official statement of OnePlus:

“We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.” – OnePlus spokesperson

We’ll be waiting for the patch or software update and we’ll let you know soon.

VIA: XDA Developers

via Android Community

June 10, 2018 at 09:19PM