Home » News » Mobile Phones » OnePlus 6 Bootloader Protection bypassed, OnePlus promises fix soon

OnePlus 6 Bootloader Protection bypassed, OnePlus promises fix soon

By Digit NewsDesk | Updated on 05-Jun-2020
OnePlus 6 Bootloader Protection bypassed, OnePlus promises fix soon
Digit NewsDesk Digit NewsDesk
10 Jun 2018 11:49
HIGHLIGHTS

A locked bootloader of a smartphone is responsible for ensuring the system boots into the right operating system. Bypassing the lock mechanism can allow someone to take full controller of your phone.

It has barely been a month since the launch of the OnePlus 6, but security researchers and developers have already been getting into the phone’s guts. The phone has already received a final build of the popular custom recovery tool TWRP, paving the way for custom ROMs, but now a security researcher has revealed a major flaw with the device. Jason Donenfeld, president of Edge Security LLC, has discovered a vulnerability on the OnePlus 6 that allows him to boot any arbitrary modified image that bypasses bootloader protection measures even a locked bootloader.

While the vulnerability might appear to be severe in nature, the researcher points out that it requires physical access to the device, along with a tethered connection to a PC. If the boot image is modified with insecure ADB and ADB has root by default, then an attacker with physical access will have total control over the device. Unlike the situation with the OnePlus 5T where the company accidentally pre-installed an app that acted as a backdoor, this vulnerability is more intrinsic to the OS. Also, this particular exploit does not require the phone to have USB Debugging enabled.

 Jason Donenfeld has reported the problem to OnePlus and the company issued a response saying that “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”

While the vulnerability could be classified as a serious lapse in security, thankfully, it requires physical access to the device and a PC connection to gain control of the device. Android smartphones have been dealing with an increased level of scrutiny over the last few months, given the sharp rise in malware, ransomware and even crypto jacking attacks. Given the fragmentation of the Android ecosystem, each manufacturer’s own version of Android can have its own set of vulnerabilities. Since OnePlus has acknowledged the problem, maybe the upcoming OTA update can bring a patch for this particular problem as well.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo