Published: 12th June 2018
Thinking of buying OnePlus 6? Here's why you might want to rethink your choice
The system error in the bootloader lets the hacker get access to your phone only when he has a physical access to your OnePlus 6
Did you know that the much-awaited OnePlus6 can be hacked in LESS THAN 3 MINUTES? Thanks to Infosec Ventures, an organisation that provides complete infrastructure security solutions, now you do.
According to Ankush Johar, Director at Infosec Ventures, OnePlus 6 has a serious vulnerability issue that can let hackers gain full control of your device. "Say, if you left your OnePlus 6 phone in a room with a potential hacker — it would not take much time for him to get access to your device. Basically, the phone is theirs," he says.
We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly
If you think that's scary, hear this — you won't even know that someone else has full access to phone. Wondering how this happens? It happens due to a small fault in the 'bootloader' of the phone. "Researchers have discovered that the bootloader on OnePlus 6 is not entirely locked thus allowing anyone to modify boot image without even having to turn on USB debugging, thus taking full control of your device," explains Johar.
What is a bootloader: A bootloader is a part of Android built-firmware and it is the first thing that runs when you boot up your Android device. Locking a bootloader prevents anyone from modifying the phone’s operating system.
The vulnerability, however, can be exploited only when someone has a physical access to your OnePlus 6. The vulnerability would require plugging the phone into a computer, restarting the phone into fast-boot mode and then transferring any arbitrary or modified boot image.
"OnePlus 6 users should be extra cautious and make sure that their device is not in the wrong hands, especially until a patch is released. Moreover, users are strongly advised to update their software as soon as the patch is released because in the absence of a bootloader lock, attackers might be able to modify the OS without actually needing to wipe the device storage further gaining complete root access to the device," he concludes.
OnePlus has acknowledged the vulnerability and promised to release a software update shortly. They have ensured that security is one of their main priorities. "We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly,' said a OnePlus representative.