You are here
Home > SmartPhones > OnePlus 6 Security Flaw, But A Fix Is On The Way

OnePlus 6 Security Flaw, But A Fix Is On The Way

OnePlus-6-Security-Flaw

OnePlus 6 Security Flaw Lets Anyone Bypass Its Locked Bootloader, But A Fix Is On The Way

A security researcher discovered a vulnerability on the OnePlus 6 lets you bypass the phone’s locked bootloader with any modified boot image.

You need physical access to the phone to take advantage of the vulnerability.

OnePlus-6-Security-Flaw-01
Credits: OnePlus 6

OnePlus confirmed the vulnerability and said it will push out a software update to fix the issue.

The OnePlus 6 might be the perfect Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.

According to Edge Security LLC president and XDA Developers forum member Jason Donenfeld, the OnePlus 6 features a vulnerability that let him bypass the locked bootloader with any modified boot image. Even weirder, Jason Donenfeld did not have to turn on USB debugging. That is usually a requirement when it comes to messing around with your smartphone.

Android Police verified the vulnerability and was able to boot TWRP on its bootloader-locked OnePlus 6.

It also noted that folks can modify a stock OnePlus 6 boot image to include root access and an insecure ADB, which would allow an attacker to gain full control of the device if they wanted to.

Fix On The Way For OnePlus 6 Bootloader Security Flaw

A security researcher has discovered a vulnerability in the OnePlus 6 bootloader. This flaw makes it possible for someone to boot arbitrary or modified images – even if the bootloader is locked

Exploiting the vulnerability requires someone to have physical access to the phone, and after this, it is a relatively simple task to restart the handset in fastboot mode. From here it would be possible to load a modified boot image, including one that has root access.

OnePlus-6-Security-Flaw-02
Credits: OnePlus 6

Also, Read

Look on:

The discovery was made by Jason Donenfeld, president of Edge Security. He notes that if a boot image is modified with insecure ADB and ADB as root by default, it would be possible for an attacker to gain complete control over a handset. In a tweet, Edge Security showed off the vulnerability in action:

With no special requirements beyond having physical access to the device so it can be hooked up to a PC, is this something that OnePlus 6 owners should be worried about?

While there is certainly some cause for concern, OnePlus says it is working on plugging the security hole.

In a statement, the company says: We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

Visit, Like, Share and Comment.

MannInfoTech
Hello, MannInfoTech is a tech information site and share you a Technology news, Smartphones & Laptops reviews, comparisons, AutoTech, other things, and so on.
http://www.manninfotech.net

Leave a Reply

Top