The OnePlus 6 launched last month, and community development for the device has already started. In fact, an official TWRP recovery has been released as well, as with many other OnePlus phones. However, security researcher Jason Donenfeld, president of Edge Security LLC, has discovered a vulnerability that allows the device to boot any arbitrary modified image, bypassing the bootloader's protection measures.
The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd
— Edge Security (@EdgeSecurity) June 9, 2018
This vulnerability allows an attacker with physical access to the phone and a tethered connection to a PC to take control of the device, which is a serious concern. If the boot image has been modified to enable insecure ADB and to run ADB as root by default, an attacker with physical access gains total control over the device.
Exploiting this vulnerability does not require the user to have USB Debugging enabled; this means that the attacker only needs to gain physical access. Not very surprisingly, OnePlus has acknowledged the issue and says that it will be following up on this matter as more information becomes available.
In a statement, a OnePlus spokesperson said:
We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.