Fix on the way for OnePlus 6 bootloader security flaw

OnePlus 6 with Never Settle slogan

A security researcher has discovered a vulnerability in the OnePlus 6 bootloader. The flaw makes it possible for someone to boot arbitrary or modified images -- even if the bootloader is locked.

Exploiting the vulnerability requires someone to have physical access to the phone, and after this it is a relatively simple task to restart the handset in fastboot mode. From here is would be possible to load a modified boot image, including one that has root access.

See also:

The discovery was made by Jason Donenfeld, president of Edge Security. He notes that if a boot image is modified with insecure ADB and ADB as root by default, it would be possible for an attacker to gain complete control over a handset. In a tweet, Edge Security showed off the vulnerability in action:

With no special requirements beyond having physical access to the device so it can be hooked up to a PC, is this something that OnePlus 6 owners should be worried about?

While there is certainly some cause for concern, OnePlus says it is working on plugging the security hole. In a statement, the company says:

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.