OnePlus launched its latest flagship device, the OnePlus 6, last month. Now, a new vulnerability has been spotted on the latest smartphone that could allow hackers to gain full access of the device.
Jason Donenfeld, president of Edge Security LLC, has discovered a new bug that allows a hacker to boot any arbitrary modified image that bypasses bootloader protection measures. This vulnerability allows hackers, who have a physical access to the device and tethered connection to a PC, to take full control of the device without many hurdles. Further, the hacker could add an insecure ADB and ADB as root by default, which allows attackers with physical access to have all the data and information like passwords, credit card details and more quite easily.
— Edge Security (@EdgeSecurity) June 9, 2018
Further, the vulnerability does not require USB Debugging, which simply means that attackers require nothing else but the device to gain full access on the OnePlus 6. The brand has acknowledged this issue and assured that a software update will be rolled out soon. “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly,” aOnePlus spokesperson told XDA Developers.
This is not the first time OnePlus is surrounded by such issues. OnePlus rolled out the first update, which brought a host of new features like slow-motion video support, portrait mode and much more. However, the update took away one feature that its users always loved.
The brand has silently removed the beloved ‘Always-On’ display with the latest update. This was confirmed b a Reddit user, who said that before the update, he was able to see two option, ‘lift up’ and ‘always on’ in Display > Ambient settings. However, with the latest update, the option of Always On option is gone. Multiple users took Reddit to express the same issue with the latest smartphone.