Security on Android phones is never guaranteed, but this time a red line has been crossed. A new flaw has been discovered on the OnePlus 6 that can let anyone take total control of the device easily. The flaw is in the bootloader, and taking advantage of it requires only physical access to the device and a PC. It was discovered by Jason Donenfeld, an XDA member and president of Edge Security LLC. If you have a basic idea of Android modding, you probably know that the standard bootloader installed on smartphones prevents installing custom ROMs on the device.
Because of this flaw, however, the bootloader of the OnePlus 6 allows installing any customized system image, even though the bootloader is locked. To do so, the user needs physical access to the device, and it has to be connected to the PC at least once. After that, it is enough to boot the phone into fastboot mode and flash the customized image. It is even possible to install custom recoveries such as TWRP and obtain root access, at which point there are no limits on what can be done with the device.
So, if you own a OnePlus 6 and you lose it or someone steals it, whoever has it can easily take total control of it and delete all of your data. OnePlus has been alerted to the discovery and has already released a statement on the matter. Here is the company's statement:
"We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly."
A software update for the OnePlus 6 to fix the big flaw should arrive soon, but in the meantime make sure not to lose your device!