The OnePlus 6 flagship suffers from a bootloader security problem. The company released a statement that the OnePlus 6 bootloader, which gives root access to the handset, could easily be bypassed without ever being unlocked. However, the company says it is working closely with the security researcher, Edge Security LLC’s Jason Donenfeld, to rectify that. The company has commented on the time frame, and OnePlus has a record of fixing bugs sooner than most other mobile manufacturers.
In the meantime, this security vulnerability is a relatively mild one compared to some problems faced by various OEMs, devices, and the OS over the past year. In fact, exploiting it requires physical access to a device. That doesn’t mean that it isn’t a serious concern, but it goes without saying that the problem could be worse. Given physical access to a device, the bug makes it possible for an attacker to modify the OnePlus device with a boot image that has insecure ADB and ADB as root enabled by default.
That’s also completely possible without having USB debugging enabled and, worse still, with the bootloader still locked down. In short, it allows a malicious entity with physical access to completely bypass security measures with a relatively arbitrary change to the system image. The ease with which that type of change can be accomplished is the primary concern since it means that very little effort is needed to gain complete control over the flagship.
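As a defender-side illustration of the condition described above (a locked bootloader combined with insecure, root-by-default ADB), the following added example audits a saved `adb shell getprop` dump. It is not code from the article, OnePlus, or the researcher; the property names are standard Android ones, while the expected baseline, the sample dumps, and the function names are assumptions constructed for this example.

```python
import re
import sys

# Assumed baseline: values expected on a stock, locked production build.
EXPECTED = {
    "ro.secure": "1",                      # adbd drops root privileges
    "ro.adb.secure": "1",                  # adbd requires an authorized host key
    "ro.debuggable": "0",                  # "adb root" is refused
    "ro.boot.verifiedbootstate": "green",  # verified boot accepted the image
    "ro.boot.flash.locked": "1",           # bootloader reports locked
}
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample dumps, not captured from a real device.
STOCK = """[ro.secure]: [1]
[ro.adb.secure]: [1]
[ro.debuggable]: [0]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]"""
TAMPERED = """[ro.secure]: [0]
[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]"""

def parse_getprop(text):
    """Parse '[key]: [value]' lines from a getprop dump; skip anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    """Return (property, observed, expected) for every deviation or missing key."""
    return [(k, props.get(k), want) for k, want in EXPECTED.items()
            if props.get(k) != want]

def locked_but_insecure(props):
    """True for the article's combination: locked bootloader, insecure adbd."""
    locked = props.get("ro.boot.flash.locked") == "1"
    insecure = props.get("ro.adb.secure") == "0" or props.get("ro.secure") == "0"
    return locked and insecure

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else TAMPERED
    props = parse_getprop(text)
    for key, got, want in audit(props):
        print(f"DEVIATION {key}: observed={got!r} expected={want!r}")
    print("locked bootloader with insecure ADB:", locked_but_insecure(props))
```

These properties are reported by the running image itself, so a clean result is not proof that the boot image is unmodified; a deviation is the useful signal.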
Physical Access Needed to Exploit OnePlus 6 Vulnerability
All things considered, this lapse in security could have been much worse. If the issue had been accessible without direct physical access to individual handsets, it would have left the OnePlus 6 wide open to massively scaled attacks. Since it requires very few changes to the OS itself, any such attacks could have been done in a way that would have gone mostly unnoticed. For now, users just need to wait for a fix to roll out and should probably take extra steps to ensure that nobody has access to their device for extended periods of time. They should also prevent it from being connected to a computer without their permission.
“We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly,” said a OnePlus company employee.
Source: Blog Post