Categories: Security

Using a OnePlus? Be Aware of These Security Vulnerabilities

While OnePlus fans eagerly await the Chinese phone’s release, they might want to take a look at a few of the phone’s flaws as well. Recently, security experts have uncovered major vulnerabilities in the OnePlus One, X, 2, 3 and 3T that pose a major risk to OnePlus users. If you’re interested in buying a OnePlus, be sure to download DFNDR on your new phone and to run Full Virus Scans regularly to keep your device secure against hackers that are taking advantage of the recently discovered vulnerabilities. In the meantime, don’t neglect the security of your current smartphone. Click here to run a scan now:

As consumers anticipate the arrival of the OnePlus 5 on June 20th, speculation about the newest smartphone’s updated features abound. Similar to its smartphone predecessors, the OnePlus 5 is anticipated to share a 5.5-inch AMOLED display with curved sides. The phone will rely on the Snapdragon 835 processor and it is rumored to have a 3,600mAH battery with faster charging.

Read More: Here Are the 5 Safest Apps for Live Streaming

OnePlus Updates

OnePlus manufacturers are still sending smartphone users operating system updates and security patches over unencrypted channels. When these updates are sent through insecure channels, remote hackers are able to perform man-in-the-middle (MitM) attacks. This flaw alone is not enough to allow malicious updates to reach phones. However, when combined with other security loopholes, it allows cyber attacks to override the digital signature associated with legitimate updates.

OnePlus Downgrade Attacks

Unlike Android devices which contain code that prohibits smartphone users from downgrading their operating system, the OnePlus contains no such checks. Due to this oversight, hackers are able to remotely downgrade the phone’s operating system to an earlier version which contains vulnerabilities addressed by later OS upgrades.

OxygenOS and Hydrogen OS Attack

The firmware of OxygenOS and Hydrogen OS for the OnePlus both rely on the same over-the-air verification keys. Due to this oversight, remote hackers are able to replace any version of the Oxygen operating system with any version of the Hydrogen operating system, according to security experts Roee Hay and Sagi Kedmi, who uncovered the security loopholes.

OnePlus One and OnePlus X OTA

Similar to the two flaws above, this crossover attack targets only the OnePlus X and the OnePlus One. In the case of this particular flaw, an MitM attacker can go a step further and replace the Hydrogen or Oxygen OS designed specifically for the OnePlus X phone with the version intended for OnePlus One phones. This attack is made possible because both versions share the same over-the-air verification keys as well as the same ro.build.product system property. The seriousness of this particular vulnerability should not be taken lightly, as it may render the device unusable until the phone has gone through a factory reset.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago