According to a security researcher, all OnePlus models including One, X, 2, 3 and 3T, running on the latest OxygenOs (4.1.3) or even below are vulnerable to FOUR remote attacks.
If you are an OnePlus user, we have some bad news for you. The smart phone sold like hot cakes with OnePlus 3T receiveing 2 lakh registrations in Amazon early access sale, which sold out in under a minute.
According to a security researcher, all OnePlus models including One, X, 2, 3 and 3T, running on the latest OxygenOs (4.1.3) or even below are vulnerable to FOUR remote attacks. More concerning is that all these weak links remain un-patched by the company, reports The Hacker News.
In one of the get through the Man-in-the-Middle (MitM) can initiate an attack against OnePlus device users, which will in turn allow a remote user to change the device's OS to an older version making the entire device open for further exploitation!.
Through the aforementioned gateway, the hacker can even replace the Oxygen OS with its Chinese version known as the Hydroge OS. If he wishes he can boot an enirely different ROM with some hidden spying apps.
These were discovered by Roee Hay of Aleph Research, HCL Technologies.
1) OnePlus OTA Updates Over HTTP: CVE-2016-10370
The device manufacturer has been sending OS updates and patches over unencrypted channels, which allows the MitM to initiate a remote hack. All updates do have a digital signature, but other weaknesses render the digital signature redundant.
2) OnePlus OTA Downgrade Attack: CVE-2017-5948
This allows the hacker to downgrade, any ROM of his choice. All OnePlus OTAs of a variety of ROMs have the same digital signature and gaining access to it will allow the device to boot any OTA image, bypassing the locked bootloader.
While Android devices have a logical code which prevents it from downgrading, but OnePlus does not have any restriction. The researcher came up with the published proof-of-concept (PoC) code on GitHub. OnePlus 3T, OnePlus 3, OnePlus 2, OnePlus X and OnePlus One are affected by this vulnerability.
3) OxygenOS/HydrogenOS Crossover Attack: CVE-2017-8850
This flaw allows the hacker to replace Oxygen OS with Hydrogen OS and even vice-versa. This can be done because “the fact (that) both ROMs use the same OTA verification keys.” The researcher has published proof of this here.
4) OnePlus OTA One/X Crossover Attack: CVE-2017-8851
This flaw, is only for OnePlus X and OnePlus One. This flaw enables the hacker to replace Oxygen/Hydrogen OS built for OnePlus X with that one of OnePlus One even if the boot loader is locked.
Check out the researcher's proof here.
All these flaws can be averted by a simple tweak on the company's part. If they start using secure and encrypted channels for delivering OTA updates, through HTTPS/TLS implementation the menace can be checked in its womb.
But, there's one small modicum of relief for the user that both the user and the hacker must be on the same network for the hack to take place. Therefore it is advisable to avoid public WiFi hotspots.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "hcl technologies,github, One Plus hacks, OnePlus 3T, OnePlus 3, OnePlus 2, OnePlus X and OnePlus")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}