One of the most discussed aspects of Android devices is their security, and the standard way to maintain a secure ecosystem is to leave a device's bootloader locked, which prevents the device from flashing or booting arbitrary code, ostensibly keeping the software on the device fully secure.
Meanwhile, like several other Android devices that have been plagued by vulnerabilities, the OnePlus 6 now joins the list. OnePlus has been caught up in something similar in the past couple of years: the well-known “Backdoor” vulnerability, attributed mainly to the Engineering Mode app on the OnePlus 5T and its predecessors, which raised considerable concern about overall security.
This time the OnePlus 6 is affected. The issue was first discovered by a user named zx2c4, the security researcher Jason Donenfeld, president of Edge Security, in a discussion on the XDA forum. He confirmed the vulnerability and also stated that it could easily allow anyone with the access and the means to boot an arbitrary image on the device itself. The only requirement is physical access to the device in order to bypass the bootloader protection measures. Overall, it could give a user full access to the device remotely.
The device does have to be connected to a PC at least once, and if someone manages to do this once, proceeding further is very easy. First, the user has to enter Fastboot mode and load the modified image. However, USB does not necessarily need to be enabled, which makes it all the more alarming, since anyone could fetch details from the device. Besides that, other reports from reliable news outlets also confirmed that it is possible to install TWRP on the OnePlus 6 even when the bootloader is locked, which turned out to be the actual reason behind all this hassle.
“The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd”
The company also addressed this issue after learning about it from the XDA forum. Their statement was:
“WE TAKE SECURITY SERIOUSLY AT ONEPLUS. WE ARE IN CONTACT WITH THE SECURITY RESEARCHER, AND A SOFTWARE UPDATE WILL BE ROLLING OUT SHORTLY.”- ONEPLUS
From this, it can be presumed that they have prepared a proper fix, which is probably on its way to every single OnePlus 6 device as soon as possible.