An independent security researcher has discovered a security flaw in the OnePlus 6 that exploits an issue in the bootloader to give a potential hacker access to your phone. Jason Donenfield of Edge Security LLC, a security firm based in the United States, has discovered a vulnerability on the OnePlus 6 that allows anyone with physical access to the phone and a PC to physically tether the device to boot a modified image that bypasses bootloader locking and protection measures, as reported by XDA Developers.
The vulnerability will give an attacker with physical access to the device full control over it, if the boot image is modified with an insecure ADB, and ADB as root by default, as per the XDA Developers report. A key factor here is that the vulnerability can only be exploited if the user has the device present physically. Even with this condition though, the security flaw is quite serious for anyone that is concerned about the security of their smartphone data.
— Edge Security (@EdgeSecurity) June 9, 2018
The security firm has reported the flaw to OnePlus, and the company has acknowledged the issue. OnePlus has also released a statement with regard to the issue: “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”
The OnePlus 6 was launched last month, and is priced from Rs 34,999 in India. The phone is powered by the Qualcomm Snapdragon 845 SoC, and comes with up to 8GB of RAM and 256GB of internal storage. The device comes with OxygenOS, on top of Android 8.1 Oreo. OnePlus is known for issuing regular software and security updates to its devices, and it’s likely that a fix to this vulnerability will be rolled out soon.