Recently launched OnePlus 6 has a serious vulnerability in its bootloader that makes it possible for someone to boot modified images to take full admin control of user’s phone even if the bootloader is locked.
What is a bootloader? How is it vulnerable in OnePlus 6?
A bootloader is a part of Android built-firmware and it is the first thing that runs when you boot up your Android device. Locking a bootloader prevents anyone from modifying the phone’s operating system.
Researchers have discovered that the bootloader on OnePlus 6 is not entirely locked thus allowing anyone to modify boot image without even having to turn on USB debugging, thus taking full control of your device.
The vulnerability, however, can be exploited only when someone has a physical access to your OnePlus 6. The vulnerability would require plugging the phone into a computer, restarting the phone into fastboot mode and then transfer any arbitrary or modified boot image.
OnePlus has acknowledged the vulnerability and promised to release a software update shortly.