OnePlus 6 Bootloader Protection bypassed, OnePlus promises fix soon

By Digit NewsDesk | Published on 10 Jun 2018
OnePlus 6 Bootloader Protection bypassed, OnePlus promises fix soon
HIGHLIGHTS

A locked bootloader of a smartphone is responsible for ensuring the system boots into the right operating system. Bypassing the lock mechanism can allow someone to take full controller of your phone.

Advertisements

Access Open Source Technology

Innovate w/ IBM and Discover New Open Source Technology Today. Learn More.

Click here to know more

It has barely been a month since the launch of the OnePlus 6, but security researchers and developers have already been getting into the phone’s guts. The phone has already received a final build of the popular custom recovery tool TWRP, paving the way for custom ROMs, but now a security researcher has revealed a major flaw with the device. Jason Donenfeld, president of Edge Security LLC, has discovered a vulnerability on the OnePlus 6 that allows him to boot any arbitrary modified image that bypasses bootloader protection measures even a locked bootloader.

While the vulnerability might appear to be severe in nature, the researcher points out that it requires physical access to the device, along with a tethered connection to a PC. If the boot image is modified with insecure ADB and ADB has root by default, then an attacker with physical access will have total control over the device. Unlike the situation with the OnePlus 5T where the company accidentally pre-installed an app that acted as a backdoor, this vulnerability is more intrinsic to the OS. Also, this particular exploit does not require the phone to have USB Debugging enabled.

 Jason Donenfeld has reported the problem to OnePlus and the company issued a response saying that “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”

While the vulnerability could be classified as a serious lapse in security, thankfully, it requires physical access to the device and a PC connection to gain control of the device. Android smartphones have been dealing with an increased level of scrutiny over the last few months, given the sharp rise in malware, ransomware and even crypto jacking attacks. Given the fragmentation of the Android ecosystem, each manufacturer’s own version of Android can have its own set of vulnerabilities. Since OnePlus has acknowledged the problem, maybe the upcoming OTA update can bring a patch for this particular problem as well.

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status