Friday, January 31, 2025
Follow us On Linkedin
HomeVulnerabilityOnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader...

OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Vulnerability

Published on

By Gurubaran
OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

A critical OnePlus 6 vulnerability discovered that could allow booting the phone with a modified image and can get administrator privileges even if the bootloader is completely locked and in secure mode.

This OnePlus 6 Vulnerability discovered by Jason Donenfeld of Edge Security, according to the researcher the vulnerability could be exploited by the attacker if they physical access to a OnePlus 6 device.

A bootloader manages and executes the boot sequence, it ensures that you are loading with the genuine software. It is an encrypted security measure and all the Android phones shipped with a locked bootloader.

Need Physical Access to Exploit OnePlus 6 Vulnerability

Jason published a live video demonstration of how an attacker can get a malicious image using the ADB tool’s fastboot command if they have physical access to the device.

All the attacker needs are to do reboot the mobile device in Fastboot mode and by connecting the device to the computer an attacker can download the modified image to the device.

Android police confirm this OnePlus 6 Vulnerability present on the OnePlus 6 and it could give the attacker a full control over the device.

Oneplus has officially acknowledged the bootloader vulnerability, saying that the fix will be rolled out soon.

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

This is not the first time OnePlus users under risk, in last November a Remote code Exploitation Found in OnePlus devices that allow hackers can run an arbitrary code on vulnerable OnePlus Mobile Phones.

According to reports, OxygenOS 5.1.6 still includes the hack-friendly bootloader, so a patch might be included in OxygenOS 5.1.7.

Also Read:

OnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

OnePlus Phones comes with Pre-installed Backdoor that Provides Root Access to the Device

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently...
Android

New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria...
cyber security

500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton...
cyber security

Arcus Media Ransomware Strikes: Files Locked, Backups Erased, and Remote Access Disabled

The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

cyber security

500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton...
Apache

Cybercriminals Exploit Public-Facing IIS, Apache, and SQL Servers to Breach Gov & Telecom Systems

A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated,...
CVE/vulnerability

CISA Releases Seven ICS Advisories to Strengthen Cybersecurity Posture

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued seven Industrial Control Systems...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved