
Fix on the way for OnePlus 6 bootloader security flaw

10 June 2018

As reported on XDA Developers, and first noticed by researcher Jason Donenfeld of Edge Security, the bootloader on the OnePlus 6 isn't as locked down as it should be - that's the part of the phone's built-in firmware that stops you replacing the OnePlus OS with whatever else you want to install instead.

To take advantage of the vulnerability, a hacker needs not only physical access to your OnePlus 6 but also to have the phone hooked up to a PC.

The phone maker has confirmed in a statement that a fix for the bug will roll out shortly, but until then don't let your OnePlus 6 out of your sight. The flaw makes it possible for someone to boot arbitrary or modified images, even if the bootloader is locked. Even crazier, USB debugging doesn't need to be turned on.

Android Police verified the vulnerability and was able to boot TWRP on its bootloader-locked OnePlus 6. That is usually a requirement when it comes to messing around with your smartphone. Of course, these two things are in completely different realms, as OnePlus warns users that face unlock is less secure than other security measures, while the ability to bypass a locked bootloader is a system-level vulnerability.

The OnePlus 6 might be the ideal Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.

With no special requirements beyond having physical access to the device so it can be hooked up to a PC, is this something that OnePlus 6 owners should be anxious about? From there, it is a simple matter of restarting the handset in Fastboot and loading the modified image.
