OnePlus 6 was launched last month and the community development of the device has already started. In fact, an official TWRP recovery has been released as well much like many other OnePlus phones. However, a security researcher Jason Donenfeld, president of Edge Security LLC has discovered a vulnerability on the device that allows the device to boot any arbitrary modified image that bypasses bootloader protection measures. The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd — Edge Security (@EdgeSecurity) June 9, 2018 This vulnerability allows attackers with physical access and a tethered connection to a PC to take control of the device which is a serious concern. In case if the boot image is modified with any insecure ADB and ADB as root by default, it will gain the attacker the physical access and will have total control over the device. To exploit this vulnerability, the attacker does not require the user to have USB Debugging enabled; this means that the attacker only needs to gain physical access. Not very surprisingly, OnePlus has acknowledged the issue and says that it will be following up on this matter as more information becomes available. In a statement OnePlus spokesperson said: We take security seriously ...
Monday, 11 June 2018
OnePlus acknowledges OnePlus 6 bootloader protection bypass vulnerability, will roll out fix soon
OnePlus 6 was launched last month and the community development of the device has already started. In fact, an official TWRP recovery has been released as well much like many other OnePlus phones. However, a security researcher Jason Donenfeld, president of Edge Security LLC has discovered a vulnerability on the device that allows the device to boot any arbitrary modified image that bypasses bootloader protection measures. The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd — Edge Security (@EdgeSecurity) June 9, 2018 This vulnerability allows attackers with physical access and a tethered connection to a PC to take control of the device which is a serious concern. In case if the boot image is modified with any insecure ADB and ADB as root by default, it will gain the attacker the physical access and will have total control over the device. To exploit this vulnerability, the attacker does not require the user to have USB Debugging enabled; this means that the attacker only needs to gain physical access. Not very surprisingly, OnePlus has acknowledged the issue and says that it will be following up on this matter as more information becomes available. In a statement OnePlus spokesperson said: We take security seriously ...
-
Here are the social profile links that I have worked on for Backlinks https://docs.google.com/presentation/d/1gAvVQYafqO_jWsSIz3N95Sy3q5KAx...
-
The Optimus L4 II E440 owners may also want to keep their device up-to-date. So we thought of giving you a tutorial of how to upgrade Opt...
-
Vivo launched the vivo V17 smartphone late last year in India with a Super AMOLED display, 32MP in-screen camera, and more. The successor t...
