Bootloader Protection Bypass Discovered On OnePlus 6

Jason Donenfeld, president of Edge Security LLC, also known on XDA as zx2c4, has discovered a vulnerability on the OnePlus 6 that allows you to boot any arbitrary modified image that bypasses bootloader protection measures (such as a locked bootloader).

Exploiting this vulnerability requires physical access to the device.

This vulnerability allows an attacker with physical access and a tethered connection to a PC to take control of the device. If the boot image is modified with insecure ADB and ADB as root by default, then an attacker with physical access will have total control over the device.

In a statement, OnePlus says:

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

Story via –

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: