OnePlus to issue fix for OnePlus 6 bootloader vulnerability with software update
The OnePlus 6 handset has only recently launched across the world and it has received glowing reviews. The handset is not only getting attention from consumers who are interested in their device for their personal use but also from security researchers looking to see what they can unearth.
The #OnePlus6 allows booting arbitrary images with 'fastboot boot image.img', even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd
— Edge Security (@EdgeSecurity) June 9, 2018
A researcher, Jason Donenfeld of Edge Security LLC, has found a vulnerability on the device that allows one to boot any arbitrary modified image that bypasses the bootloader protection measures, for example, a locked bootloader.
Although it sounds severe, the researcher is quick to point out that physical access to the device is necessary, along with a tethered connection to a PC. Elaborating on the matter, a report states that if the boot image is modified with insecure ADB and ADB as root by default, then an attacker with physical access will have total control over the device.
The researcher reached out to OnePlus and he informed multiple engineers of OnePlus about the vulnerability. OnePlus then acknowledge the report and issued a statement on the same.
OnePlus states, “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”
In India, the smartphone comes with a price tag of Rs 34,999 for the 6GB RAM and 64GB storage model. Whereas, Rs 39,999 for the 8GB RAM/128GB storage variant. The OnePlus 6 boasts of a 'notched' 6.3-inch Optic AMOLED display with a resolution of 1080x 2280 pixels and an aspect ratio of 19:9. Under the hood, the device is powered by a Qualcomm Snapdragon 845 chipset, accompanied by 8GB/6GB RAM and 64GB/128GB storage. The handset runs on a stock Android inspired OxygenOS 5.1 built on top of Android Oreo 8.1.