
June 10, 2018

OnePlus fixing in-person vulnerability that makes phone easy to hack

by John_A


Flaw allows a modified boot image to load and grant complete admin control to anyone with the know-how.

The OnePlus 6 is a really great phone for not a lot of money. It’s easy to see why anyone would want to buy one, and if you recently picked one up, you need to be aware of a new exploit that could give the right person complete control over your device.

The flaw was first reported at XDA Developers by Jason Donenfeld, president of Edge Security (posting under his XDA username zx2c4), who shows that it allows a person who has access to your phone and a computer to boot the system using a modified image. Notice the “has access to your phone and a computer” part: this only works when the phone is tethered via USB to a computer with the right tools and software. Nothing you download or install can do this.

The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd

— Edge Security (@EdgeSecurity) June 9, 2018

This exploit works while the bootloader is still locked. That means it doesn’t depend on you having already enabled developer settings, enabled USB debugging, or enabled bootloader unlocking. That’s why it’s a serious problem even though you can unlock the bootloader on the OnePlus 6 manually if you like.

A custom image that places files in the correct location and changes a few system parameters can alter the system permanently, which could allow the OnePlus 6 to be rooted. While some users might think rooting a phone while keeping the bootloader locked is a good thing, having an exploit that allows anyone to do it once they have your phone in their hands is not.

OnePlus has responded to an inquiry by Android Police and says:

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

We hope this can be fixed in short order by a simple over-the-air update.
