The OnePlus 6 is barely a month old and we are now hearing the device has a flaw that can allow a potential attacker to boot any modified system image even if bootloader is locked. According to a security researcher, this vulnerability means that the OnePlus 6 is insecure right from the gates and any attacker with physical access to the device can break into the device easily and gain full access.
The flaw was discovered by Jason Donenfeld, president of Edge Security LLC and goes by zx2c4 on XDA. The researcher found that a vulnerability can be exploited if the attacker as physical access to a OnePlus 6 device. By connecting the device to a PC, the attacker then needs to boot the phone through a fastboot mode and flash a modified image. If the boot image is modified with insecure ADB and ADB as root by default, then the attacker can gain total control over the device.
Following the discovery, OnePlus responded with a statement, saying, “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.” The company hasn’t provided an exact time for the update release, but given the potential threat of such a flaw, you can expect a fix to be issued at the earliest.
Separately, OnePlus rolled out OxygenOS 5.1.6 for OnePlus 6 users in some countries including India this week. The update not only brings Portrait Mode for the front camera but also brings support for Idea VoLTE service in India, battery percentage in the status bar and fixes stability issues, among other things.