OnePlus 6 bootloader vulnerability discovered, company promises fix

Jason Donenfeld, the security researcher who discovered the OnePlus 6 bootloader vulnerability, said that the flaw allows an attacker who has access to the phone to boot the system using a modified image.

By: Tech Desk | New Delhi | Updated: June 12, 2018 10:43:11 am
OnePlus 6 bootloader vulnerability allows attacker to boot a modified image and gain complete control over the phone

The OnePlus 6 has a new bootloader vulnerability, and the company has acknowledged it. The vulnerability was reported by XDA Developers and was first discovered by Jason Donenfeld, security researcher and president of Edge Security. According to the researcher, the flaw allows a person who has access to the phone to boot the system using a modified image.

The ‘exploit’ works even when the bootloader is locked and potentially gives the attacker complete control over the phone. According to Jason Donenfeld, the vulnerability allows the attacker to boot any arbitrary modified image on the OnePlus 6 using the ADB tool’s fastboot command. The image can then be used to gain control over the phone and its contents, bypassing all the security measures.

Jason further mentions that the attacker first needs physical access to the smartphone to hack it. The vulnerability works when the device is tethered via USB to a PC with the ‘right tools and software.’ XDA, however, says that unlike the “backdoor” vulnerability found on the OnePlus 5T, this one does not require a user to have USB debugging enabled.

The issue was reported to ‘multiple engineers’ at OnePlus, and it appears that a member of the security team has acknowledged the bootloader vulnerability. In a statement addressing the issue, OnePlus said, “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”

To recall, the OnePlus 6 made its debut in India last month at a starting price of Rs 34,999. The smartphone just received a Portrait mode for selfies with the latest OxygenOS 5.1.6 update. The update also brings the battery percentage, which was previously not visible in the status bar. Further, OnePlus 6 users in India who have an Idea SIM card will get 4G VoLTE support.