OnePlus 6: a Bug Allows Access to Your Data Even if The Device is Locked

in #writing6 years ago

fut.jpg
Due to a software bug, it just require to plug in the device on a computer to run another operating system and acquire administrator rights.

If you use a OnePlus 6, do not leave it unattended. Security researcher Jason Donenfeld has just discovered a simple breach that allows you to take control of the device and access its data, even if it's locked. Simply connect it for a few minutes to a computer.

fth.jpg

@EdgeSecurity

The # OnePlus6 allows booting arbitrary images with fastboot boot image.img, even when the bootloader is completely locked and in secure mode.
16:49 - 9 June 2018

In this video sent on Twitter, the researcher shows that if the OnePlus 6 is restarted in Fastboot mode, it is possible to boot on any other operating system and to configure a root access. This is the basic principle of this mode, which includes both the special diagnostic protocol, which allows booting from a system image on a PC to USB, and the software that runs on the smartphone.

Nevertheless, in theory this mode shouldn’t be accessible in this way. Indeed, in the video we see that the bootloader is locked, which should prevent the execution of another system.

It’s true that some providers allow users to unlock their bootloader, but the stored data are automatically erased, for security reasons. None of this in the case of OnePlus 6 because it’s possible to run another system and the data are perfectly preserved and therefore accessible to a malicious person.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

A patch is in preparation

The potential risks are serious and multiple. If an user get stolen his OnePlus 6, the thief can easily access all the data stored on the device. If the user hangs his OnePlus 6, for example in his hotel room, someone with privileged access could take advantage of this to steal data or to install spyware (Evil Maid Attack).

Alerted by Jason Donenfeld, OnePlus announced that an update would be available soon to solve this problem. This security breach follows another one discovered a few weeks ago. Dutch security researchers have shown that a simple photo can defeat the facial recognition authentication.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

If you would like to learn how to be more anonymous on the Internet or to know what are the 4 security measures to put in place on your WIFI router, you know where to click ;-)

DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif

#blog #security #smartphone #hacking
6 years ago in #writing by
$3.51
  • Past Payouts $3.51, 0.00 TRX
  • - Author $2.69, 0.00 TRX
  • - Curators $0.82, 0.00 TRX
Reply 3
Sort:  
  • Trending
    • [-]
     6 years ago 

    Ouch, got to hate those bugs/problems allowing easy access to your data.

    $0.00
      Reply
      [-]
       6 years ago 

      Yes and it happens too much for me

      $0.00
        Reply
        [-]
         6 years ago 

        Good spot!

        I just wrote this article, would you mind giving it a look? :)
        https://steemit.com/security/@gaottantacinque/steemit-security-check-iframe-tricks#comments

        Many thanks

        $0.00
          Reply

          Coin Marketplace

          STEEM 0.32
          TRX 0.12
          JST 0.034
          BTC 64837.84
          ETH 3174.86
          USDT 1.00
          SBD 4.17