OnePlus 6 bootloader vulnerability

me just sayin

Oops, looks like there is a bootloader vulnerability on the OnePlus 6 that will give anyone who is holding the phone access. In other words, there is no security on the phone - Not good.

One of the most elementary aspects of phone security is the idea of a locked bootloader, which is supposed to prevent a handset from flashing or booting arbitrary code, ostensibly keeping the software on the device secure. It's super basic—or, at least, it's supposed to be. Turns out, the OnePlus 6 will allow you to boot any arbitrary or modified image you choose, even on a locked bootloader.

[Update: OnePlus promises a fix] OnePlus 6 bootloader vulnerability could allow anyone with physical access full control of your phone
 

Sajo

Allowing anyone with the phone in their possession AND the means to know how to "boot an arbitrary image on the device...". Seems like a very low risk to me. Oh....let me hand my phone directly to a known hacker, with flashing tools & software in his possession.

That's some strange reporting in the linked article. "Anyone with access..." is kind of a stretch.


me just sayin

I would not say low risk, though it may seem to be. It would be like using a Linux disk to boot to a password-protected Windows computer to access the files. It could be done by anyone with a little common sense.

The thing is, IMO, more people keep a lot of personal info on their smartphones they would not dream of keeping on their computers. Whether high risk or low risk, there must be a perception of security. At this time, the OnePlus 6 does not have that perception.
 

Sajo

I don't disagree that security is important these days (now more than ever). I also agree that the perception of security is important. And I also agree that this is a nasty bug that OnePlus needs to fix; and it's good to hear that they are aware of it and plan on a fix. My point was that the linked article made it seem like "anyone" with possession of the phone can control it. IF the owner hands the phone over to a malicious person, and IF the malicious person has the tools, software and skills to flash malicious code onto the phone....while the owner just stands around and does nothing...then yes, they can control the phone. Seems unlikely to me, especially since OnePlus owners tend to be a little more tech savvy and probably don't just hand their phone over to malicious people and then wonder what they are doing with it.

Many of these vulnerabilities seem to be way overblown and overdramatized by many tech media sites. I guess that's how they get their clicks, over sensitized titles?

I'm glad your title here on our forum was not a click bait style thread title. It just stated that a vulnerability exists. Good job keeping the title simple and to-the-point.
 

me just sayin

Headlines are supposed to be click bait. I guess I messed up on this one :)

You are right, nobody is going to stand around and let someone take control of their phone, but at the same time, the problem in this case is, it is so easy to. It is like leaving your front door unlocked. Nobody is going to go in without permission if you are standing there, but would you want it unlocked when you leave it unattended?
 