Aleph Security has identified four major vulnerabilities in the OTA upgrade process of all OnePlus devices, but the Chinese company has yet to address any of them. The group reported the vulnerabilities to OnePlus back in January, and three and a half months later OnePlus has not patched any of them. The delay in releasing the much-needed fixes prompted Aleph Security to publicize its findings, the firm said. The cyber security research team highlighted the need to patch these flaws as soon as possible, since malicious individuals could hijack the system update process and even exploit vulnerabilities that had previously been patched. Another risk is that ROMs not officially released for a device can be installed on it even with a locked bootloader, which opens the door to malicious ROMs filled with spying apps.
Aleph Security, the security research group of HCL Technologies, identified the four major security flaws as: OTA system updates being sent over unencrypted channels; the ability to downgrade the operating system installed on the device; the ability to replace OxygenOS with HydrogenOS and vice versa even with a locked bootloader; and the ability to install either OnePlus One or OnePlus X ROMs on either of the two devices. Sending system updates unencrypted allows hackers to execute Man-in-the-Middle attacks. Exploitation of the other three vulnerabilities, meanwhile, could result in hackers hijacking system upgrades, made possible by the lack of verification during the update process. Downgrades are possible because the OTA upgrade date is not checked against the installed build date. Downgrading the operating system exposes the handsets once again to previously patched vulnerabilities. The last two bugs, meanwhile, stem from the lack of binding between the OTA update and the target device, experts claim.
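The checks reported as missing (encrypted transport, build-date comparison, and binding of the package to device and product), sketched as an added example that is not OnePlus or Aleph Security code. `post-timestamp` and `pre-device` are AOSP OTA metadata keys; the `product` key, the `installed` dictionary and every sample value are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

def parse_metadata(text):
    """Parse key=value lines, the layout of META-INF/com/android/metadata."""
    meta = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            meta[key.strip()] = value.strip()
    return meta

def check_ota(url, metadata_text, installed):
    """Return the list of failed checks; an empty list means all passed.

    These checks are only meaningful when the metadata itself is covered
    by the package signature, which must be verified first (not shown).
    """
    meta = parse_metadata(metadata_text)
    failed = []
    # 1. Transport: refuse packages fetched over an unencrypted channel.
    if urlparse(url).scheme != "https":
        failed.append("transport")
    # 2. Anti-rollback: the package must not be older than the installed build.
    try:
        if int(meta["post-timestamp"]) < installed["build_timestamp"]:
            failed.append("downgrade")
    except (KeyError, ValueError):
        failed.append("downgrade")  # missing or malformed timestamp
    # 3. Device binding: the package must target this exact device.
    if meta.get("pre-device") != installed["device"]:
        failed.append("device")
    # 4. Product binding ("product" is a hypothetical key, an assumption).
    if meta.get("product") != installed["product"]:
        failed.append("product")
    return failed

# Constructed sample data, not taken from any real OTA package.
INSTALLED = {"device": "OnePlus X", "product": "OxygenOS",
             "build_timestamp": 1490000000}
GOOD_META = "post-timestamp=1495000000\npre-device=OnePlus X\nproduct=OxygenOS\n"
BAD_META = "post-timestamp=1480000000\npre-device=OnePlus One\nproduct=HydrogenOS\n"

if __name__ == "__main__":
    print(check_ota("https://ota.example/update.zip", GOOD_META, INSTALLED))
    print(check_ota("http://ota.example/update.zip", BAD_META, INSTALLED))
```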
The hacking of the OTA upgrade process is possible on all devices released by OnePlus. However, those who own the OnePlus 3 and the OnePlus 3T may be less exposed to these risks since they have the option to enable Full Disk Encryption. Encryption effectively protects device owners from hackers attempting to exploit the vulnerability. Users, however, should be reminded that employing a lock screen does not equate to enabling Full Disk Encryption, and device owners should instead enable the Secure Startup option in the Settings app of their devices.