A locked bootloader of a smartphone is responsible for ensuring the system boots into the right operating system. Bypassing the lock mechanism can allow someone to take full controller of your phone.
Access Open Source Technology
Innovate w/ IBM and Discover New Open Source Technology Today. Learn More.
Click here to know more
It has barely been a month since the launch of the OnePlus 6, but security researchers and developers have already been getting into the phone’s guts. The phone has already received a final build of the popular custom recovery tool TWRP, paving the way for custom ROMs, but now a security researcher has revealed a major flaw with the device. Jason Donenfeld, president of Edge Security LLC, has discovered a vulnerability on the OnePlus 6 that allows him to boot any arbitrary modified image that bypasses bootloader protection measures even a locked bootloader.
While the vulnerability might appear to be severe in nature, the researcher points out that it requires physical access to the device, along with a tethered connection to a PC. If the boot image is modified with insecure ADB and ADB has root by default, then an attacker with physical access will have total control over the device. Unlike the situation with the OnePlus 5T where the company accidentally pre-installed an app that acted as a backdoor, this vulnerability is more intrinsic to the OS. Also, this particular exploit does not require the phone to have USB Debugging enabled.
Jason Donenfeld has reported the problem to OnePlus and the company issued a response saying that “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”
While the vulnerability could be classified as a serious lapse in security, thankfully, it requires physical access to the device and a PC connection to gain control of the device. Android smartphones have been dealing with an increased level of scrutiny over the last few months, given the sharp rise in malware, ransomware and even crypto jacking attacks. Given the fragmentation of the Android ecosystem, each manufacturer’s own version of Android can have its own set of vulnerabilities. Since OnePlus has acknowledged the problem, maybe the upcoming OTA update can bring a patch for this particular problem as well.
Popular Mobile PhonesView All
Hot DealsView All