The new OnePlus 6 has a security vulnerability that could allow attackers to gain full control of the device.
According to XDA Developers, the vulnerability is in the device’s bootloader. The bootloader is like a gate of sorts, locking down the phone’s system image. The phone loads the image — and any software in it — when it powers on.
The bootloader is a fairly basic part of phone security — most manufacturers ship phones with a locked bootloader to protect users. Users can unlock the bootloader, but doing so wipes the device to protect user data.
The vulnerability on the OnePlus 6 allows system images to be pushed to the phone without unlocking the bootloader. This means anyone with the right tools can push a modified boot image to your device. Modifications could include root access or an insecure ADB (Android Debug Bridge), a tool that allows a computer to communicate with your device.
Right now, an attacker with a computer, a USB cable and some time would be able to take advantage of the vulnerability. Granted, they would need physical and unsupervised access to your phone for a few minutes.
The attacker would have to boot the device into Fastboot mode and connect it to their computer. From there they can push a new system image to the device. The device will load the new system image when it reboots.
Security researcher Jason Donenfeld, known on XDA as zx2c4, discovered the vulnerability. Donenfeld is the president of Edge Security, an information security research and consulting firm. He tweeted a video showing how the vulnerability can be exploited.
In a statement it provided to XDA Developers, OnePlus said it has been in contact with Donenfeld and plans to roll out a software update to fix the vulnerability.
“We take security seriously at OnePlus,” the statement said.
This isn’t the first time OnePlus has had a security mix-up. Earlier this year, the company had a data breach that exposed the credit card information of some 40,000 customers.
Additionally, some OnePlus devices had a hidden app that allowed root access. It was a testing app used in production, but attackers could potentially use it to gain root access.