Notebookcheck Logo

Update | Security vulnerability discovered in the new OnePlus 6

Just about as useful.
Just about as useful.
A fatal vulnerability has been discovered on the new OnePlus 6, one that allows the flashing of unsigned boot images on the device even when the bootloader is locked.

Update: As promised, OnePlus has released an update addressing the bootloader vulnerability. It comes as the OxygenOS 5.1.7 update and is available to all—bar users in India who'll have to wait for the 5.1.8 update.

Original Article

OnePlus released the OnePlus 6 last month, and while the device has received mixed reviews, it’s still considered one of the best value flagships on the market. In typical fashion, however, the OnePlus 6 comes with a flaw. Wouldn’t be much of a OnePlus device if it didn’t, in fact.

A new report by XDA has discovered that the OnePlus 6 allows the flashing of unverified boot images, even when the device’s bootloader is locked. Android bootloaders are supposed to prevent the flashing of unsigned images, so it’s a tad confusing how OnePlus let something so basic get past them. Of course, the same company released the OnePlus 5 with an inverted display panel last year, so this may as well be about par.

The vulnerability means that users of the OnePlus 6 don’t have to unlock their bootloaders before tinkering with their devices. On the flip side, it also means that unsavory individuals can just wipe and install whatever image they fancy if they get their hands on a OnePlus 6. The whole process, of course, requires physical access to the device and a computer from which to run the needed commands. 

OnePlus has acknowledged the issue and stated that it is working on a security update that closes off the loophole.


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 06 > Security vulnerability discovered in the new OnePlus 6
Ricci Rox, 2018-06-16 (Update: 2018-06-16)