Every time mobile software receives an update, we expect to see some new features. However, OnePlus has been a bit unfortunate in needing to update its latest flagship smartphone for a security fix right after its launch. The OnePlus 6 bootloader vulnerability has left users open to hackers. After discovering the flaw, the company promises to release a fix for it soon.
OnePlus 6 Bootloader Vulnerability Leaves Users Unsecured
A couple of days ago, the news about OnePlus 6 bootloader vulnerability flooded the internet. A security researcher, Jason Donenfeld (president of Edge Security, popularly recognized as zx2c4) pointed out about this flaw that lets the device to boot any arbitrary image without unlocking the phone. It means anyone having physical access to your device can enjoy complete control on it, even if you think it’s locked.
Donenfeld has demonstrated the phenomenon in a video posted on Twitter.
— Edge Security (@EdgeSecurity) June 9, 2018
As he explained, the vulnerability works when someone physically accesses OnePlus 6 smartphone via USB tethering, and the appropriate tools and software for it. After the hacker restarts the phone in Fastboot mode and links it to a computer, he can easily download any modified or malicious image to the device.
Manufacturers Promise To Release A Fix Soon
Luckily, the company realized the blunder soon after the news about OnePlus 6 bootloader vulnerability surfaced online. In an official statement, the device makers have promised to release a fix for this flaw soon. They say they are working with the researcher who identified this error.
“We take security seriously at OnePlus. We’re in contact with the security researcher, and a software update will be rolling out shortly.”
This is not the first time we see OnePlus in the news for a security risk. Earlier this year, we reported about a data breach after the OnePlus’ website was hacked. Now we see a critical vulnerability in the firm’s latest flagship.
The officials have announced no firm date for the update of its software. However, they should perhaps do this as fast as possible as detection of such a critical vulnerability right after the release of its latest flagship will certainly have an adverse impact on the overall sales of this device.
Recently, the company released its OxygenOS 5.1.6 update, yet it also lacked that bootloader fix. So, we might expect to see a fix in the next OxygenOS 5.1.7 version.
Until they release a patch for it, the users must ensure they keep their new handsets safe from anyone they don’t trust for them to protect themselves from potential intruders.
Let us know your thoughts below.