OnePlus 6 Can Boot Any Image Even With Locked Bootloader
What use is a lock when the door is left wide open anyway? That's the puzzle OnePlus 6 owners now face after it was discovered that the phone may be fundamentally insecure right at the very gates. According to a security researcher, it is possible to flash any modified boot image onto the OnePlus 6, regardless of whether the bootloader is locked or not. The only consolation for users is that the attacker needs physical access to the device to accomplish this easy break-in.
The bootloader is a phone's first line of defense against the installation of uncertified software. That's why it's also the first thing that needs to be unlocked before third-party ROMs can be installed or before a phone can be rooted. But while most users keep their bootloaders locked, OnePlus 6 users will need to be even more careful because of this bug.
According to Edge Security's Jason Donenfeld, the OnePlus 6, for some strange reason, can boot any arbitrary image via the fastboot tool's `boot` command. Such an image can be crafted to gain control over the device and its contents, bypassing every other security measure implemented on Android. In other words, the OnePlus 6 is pretty much an open book.
The #OnePlus6 allows booting arbitrary images with `fastboot boot image.img`, even when the bootloader is completely locked and in secure mode. pic.twitter.com/MaP0bgEXXd
— Edge Security (@EdgeSecurity) June 9, 2018
Like a real book, though, the attacker needs physical access to the smartphone first. Unlike most cases of theft or hacking (criminal or government-backed), however, that's pretty much all the attacker needs. This sets the bug apart from the earlier OnePlus 5T "backdoor", which required USB Debugging (and Developer Options) to be enabled first.
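The article's point is that a locked bootloader is normally what stops unsigned images from being booted, and that on the OnePlus 6 the lock does not deliver that guarantee. The following Python script, an added example that is not from the article or from Edge Security, shows how a defender can read the lock state a device reports over fastboot and decide whether that lock can be trusted. It assumes the `unlocked` and `secure` variables printed by `fastboot getvar all` (present on many devices, but not standardised across every vendor), and the sample output below is constructed for illustration, not captured from a real OnePlus 6.

```python
import re

# Constructed sample of `fastboot getvar all` output (not from a real device).
# The variable names `unlocked` and `secure` are real fastboot variables on
# many devices; the values and the product string are made up.
SAMPLE_GETVAR_OUTPUT = """\
(bootloader) product: EXAMPLE_PRODUCT
(bootloader) unlocked: no
(bootloader) secure: yes
(bootloader) version-bootloader: PLACEHOLDER_VERSION
all: Done!
"""


def parse_getvar_all(text):
    """Parse `fastboot getvar all` text into a dict of variable -> value."""
    result = {}
    for line in text.splitlines():
        # Lines look like "(bootloader) name: value"; anything else is ignored.
        m = re.match(r"^\(bootloader\)\s*([\w.\-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            result[m.group(1)] = m.group(2)
    return result


def as_bool(value):
    """Interpret fastboot's yes/no style values as a boolean."""
    return value.strip().lower() in ("yes", "true", "1")


def assess_bootloader(getvar_vars, model_affected=False):
    """Summarise whether the reported lock state can be relied on.

    model_affected: True when the device model is one reported to accept
    `fastboot boot` of arbitrary images despite a locked bootloader (the
    OnePlus 6 case described in the article). This flag is supplied by the
    caller; the script does not maintain a list of affected models.
    """
    # If the device does not report `unlocked` at all, assume the worst.
    locked = not as_bool(getvar_vars.get("unlocked", "yes"))
    secure = as_bool(getvar_vars.get("secure", "no"))

    findings = []
    if not locked:
        findings.append("bootloader unlocked: unsigned images can be flashed or booted")
    if not secure:
        findings.append("secure boot not reported as enabled")
    if locked and secure and model_affected:
        findings.append(
            "device model is reported to accept `fastboot boot` of arbitrary "
            "images while locked; treat the lock as insufficient until the "
            "vendor update is applied"
        )

    return {
        "locked": locked,
        "secure": secure,
        "findings": findings,
        # The lock is only a meaningful control when it is set, secure boot is
        # on, and the device is not known to bypass it.
        "lock_sufficient": locked and secure and not model_affected,
    }


if __name__ == "__main__":
    variables = parse_getvar_all(SAMPLE_GETVAR_OUTPUT)
    for affected in (False, True):
        report = assess_bootloader(variables, model_affected=affected)
        print(f"model_affected={affected}: {report}")
```

In practice the input would come from `fastboot getvar all 2>&1` (fastboot prints these variables on stderr), and `model_affected` would be set from the device's reported product or from your own asset inventory once the vendor fix has been confirmed installed.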
According to XDA, the good news is that OnePlus is already on the case and promises that a software update will come shortly, hopefully very, very soon. While the company's response is swift, it still raises the question of how such an oversight escaped them yet again. It seems OnePlus still isn't completely free of its launch curse.