From the OnePlus One to the OnePlus 3T, with Oxygen OS or Hydrogen OS: all OnePlus smartphones are vulnerable during OTA updates. Despite being notified, the Chinese device manufacturer has not closed the weak spot so far.
OnePlus has left security gaps open for three months that can, in theory, be used to downgrade the software and then exploit further vulnerabilities in the system. The problem exists because the Chinese manufacturer delivers OTA updates for its smartphone models via HTTP instead of TLS, i.e. unencrypted, and because any firmware signed by the manufacturer can be installed on the individual devices. Attackers could intervene in the OTA update process by means of a man-in-the-middle (MitM) attack and force an OS downgrade, or even replace Oxygen OS, or the Hydrogen OS developed for the Chinese market, with the other ROM variant, the hackers Roee Hay and Sagi Kedmi report.
The security problem thus affects both of OnePlus's ROM variants, in the latest editions (Oxygen OS 4.1.3 and Hydrogen OS 3.0) as well as in older ones, and all four smartphone models available so far, including the OnePlus X. A software downgrade would open up new vulnerabilities on the devices, which the attackers could then exploit further. The OnePlus X's ROM can also be installed on the OnePlus One, enabling a denial-of-service attack. Unlike other Android manufacturers, OnePlus allows older images to be installed on the software side.
The hackers reported the weaknesses to the Chinese manufacturer at the end of January and extended the usual 90-day period before publication by 14 days. But OnePlus did not provide any patches. For the security gaps to be exploited, full storage encryption must not be enabled on the smartphone, and the attacker must be on the Wi-Fi network over which the OTA update is transferred. The hackers have published a proof of concept on GitHub and explain the gaps in more detail in a blog post.
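
The checks whose absence the article describes, as an added example (not code from OnePlus or from the researchers): an update client that refuses plain-HTTP downloads, images built for another product, and builds older than the installed one, even when the vendor signature is valid. It assumes AOSP-style `key=value` package metadata with the `pre-device` and `post-timestamp` keys; the function names, device names, URLs and timestamps are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample metadata in the AOSP key=value style (values are made up).
OLDER_BUILD = "pre-device=device_a\npost-timestamp=1480000000\n"
NEWER_BUILD = "pre-device=device_a\npost-timestamp=1495000000\n"
OTHER_PRODUCT = "pre-device=device_b\npost-timestamp=1495000000\n"


def parse_metadata(text):
    """Parse key=value lines into a dict, ignoring blank or malformed lines."""
    meta = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            meta[key.strip()] = value.strip()
    return meta


def check_update(url, metadata_text, device, current_timestamp):
    """Return the reasons to refuse an already signature-verified package.

    An empty list means the package may be installed. A valid vendor
    signature alone is not enough: it also covers old and foreign images.
    """
    reasons = []
    # 1. Transport: a plain-HTTP download can be swapped by anyone on-path.
    if urlparse(url).scheme.lower() != "https":
        reasons.append("insecure-transport")
    meta = parse_metadata(metadata_text)
    # 2. Product: the image must be built for exactly this device.
    if meta.get("pre-device") != device:
        reasons.append("wrong-product")
    # 3. Rollback: refuse builds older than the one currently installed.
    try:
        if int(meta["post-timestamp"]) < current_timestamp:
            reasons.append("downgrade")
    except (KeyError, ValueError):
        reasons.append("missing-timestamp")
    return reasons


if __name__ == "__main__":
    installed = 1490000000  # constructed build time of the running system
    for name, url, meta in [
        ("newer over TLS", "https://ota.example/full.zip", NEWER_BUILD),
        ("older over HTTP", "http://ota.example/full.zip", OLDER_BUILD),
        ("other product", "https://ota.example/full.zip", OTHER_PRODUCT),
    ]:
        print(name, "->", check_update(url, meta, "device_a", installed) or "accept")
```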