Error in bootloader OnePlus 6 allows flashing custom roms
There is a bug in the bootloader of the OnePlus 6, which ensures that the security can be easily bypassed when flashing images. Malicious persons could easily gain full control over the smartphone as a result.
A developer using the pseudonym zx2c4 was the first to discover the vulnerability, and managed to flash a modified image on the OnePlus 6 without disabling the bootloader’s protection first, according to a post on the XDA Developers developer community. To flash the image, in this case the custom recovery TWRP, it was also not necessary to enable USB debugging, which only requires physical access to the device, a USB connection, and a PC.
While the vulnerability allows OnePlus 6 owners to easily install custom ROMs, it is also a security risk. A malicious person only needs to get their hands on the smartphone to flash software that gives them full control.
OnePlus has responded to the find by saying it will be working on a software update to fix the vulnerability. However, it is not yet known when that patch will be released.