A newly discovered vulnerability in the bootloader of OnePlus 6 smartphone allows the smartphone to be fully controlled even when locked.
The primary function of locking a bootloader is to prevent some random user to overwrite the standard software on a smartphone. However, a critical vulnerability which essentially exists in the locked bootloader of OnePlus 6 smartphone can let users mount arbitrary or modified bootloader images on the device allowing them to take full control of the smartphone. In order to sneak into one’s OnePlus 6, a hacker might only need the smartphone in hand, a computer and a data cable.
The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd
— Edge Security (@EdgeSecurity) June 9, 2018
The flaw was first discovered by Jason Donenfeld, an XDA member who is also the President of Edge Security LLC. After the flaw was first highlighted, fellow journalists at Android Police further investigated and were able to install a TWRP recovery on the smartphone overriding its bootlocked state. Once exploited, the vulnerability gives full control of the smartphone to its users.
Also Read: 3 things I hate about the OnePlus 6
If you own the most recent flagship smartphone from OnePlus, you might already be taken aback by this as OnePlus 6 is the company’s best smartphone. The company, however, states that it has taken notice of the situation and that a fix would soon be sent as an OTA update to the users.
“We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.” the company said in a statement.