OnePlus 6 bootloader vulnerability

Discussion in 'OnePlus Smartphones (All Numbered Models)' started by me just sayin, Jun 9, 2018.

  1. me just sayin

    me just sayin Diamond Member

    Joined:
    Jun 7, 2017
    Messages:
    6,466
    Likes Received:
    4,559
    Trophy Points:
    1,778
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +4,697
    Current Phone Model:
    Note 8
    oops, look like there is a bootloader vulnerability on the OnePlus6 that will give anyone who is holding the phone access. In other words, there is no security on the phone - Not good.

    [Update: OnePlus promises a fix] OnePlus 6 bootloader vulnerability could allow anyone with physical access full control of your phone
     
    #1 me just sayin, Jun 9, 2018
    Last edited: Jun 10, 2018
    • Like Like x 1
  2. Sajo

    Sajo Diamond Member

    Top Poster Of Month

    Joined:
    Jan 25, 2013
    Messages:
    14,524
    Likes Received:
    10,055
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +10,599
    Current Phone Model:
    Moto Z2 Force
    Allowing anyone with the phone in their possession AND the means to know how to "boot an arbitrary image on the device...". Seems like a very low risk to me. Oh....let.me hand my phone directly to a known hacker, with flashing tools & software in his possession.

    That's some strange reporting in the linked article. "Anyone with access..." Is kind of a stretch.

    Sent from my XT1650 using Tapatalk
     
    #2 Sajo, Jun 11, 2018
    Last edited: Jun 11, 2018
  3. me just sayin

    me just sayin Diamond Member

    Joined:
    Jun 7, 2017
    Messages:
    6,466
    Likes Received:
    4,559
    Trophy Points:
    1,778
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +4,697
    Current Phone Model:
    Note 8
    I would not say low risk though it may seemed to be. it would be like using a linux disk to boot to a password protected windows computer to access the files. it could be done by anyone with a little common sense.

    the thing is, IMO, more people keep a lot of personal info on their smartphones they would not dream of keeping on their computers. Whether high risk or low risk, there must be a perception of security. at this time, onePlus6 does not have that perception.
     
    #3 me just sayin, Jun 12, 2018
    Last edited: Jun 12, 2018
  4. Sajo

    Sajo Diamond Member

    Top Poster Of Month

    Joined:
    Jan 25, 2013
    Messages:
    14,524
    Likes Received:
    10,055
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +10,599
    Current Phone Model:
    Moto Z2 Force
    I don't disagree that security is important these days (now more than ever). I also agree that the perception of security is important. And I also agree that this is a nasty bug that One Plus needs to fix; and it's good to hear that they are aware of it and plan on a fix. My point was that the linked article made it seem like "anyone" with possession of the phone can control it. IF the owner hands the phone over to a malicious person, and IF the malicious person has the tools, software and skills to flash malicious code onto the phone....while the owner just stands around and does nothing...then yes, they can control the phone. Seems unlikely to me, especially since One Plus owners tend to be a little more tech savvy and probably don't just hand their phone over to malicious people and then wonder what they are doing with it.

    Many of these vulnerabilities seem to be way overblown and over dramatized by many tech media sites. I guess that's how they get their clicks, over sensitized titles?

    I'm glad your title here on our forum was not a click bait style thread title. It just stated that a vulnerability exists. Good job keeping the title simple and to-the-point.
     
  5. me just sayin

    me just sayin Diamond Member

    Joined:
    Jun 7, 2017
    Messages:
    6,466
    Likes Received:
    4,559
    Trophy Points:
    1,778
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +4,697
    Current Phone Model:
    Note 8
    headlines are supposed to be click bait. I guess I messed up on this one :)

    you are right, nobody is going to stand around and let someone take control of their phone but at the same time, the problem in this case is, it is so easy to. It is like leaving your front door unlocked. nobody is going to go in without permission if you are standing there but would you want it unlocked when you leave it unattended.