A properly locked bootloader is one of the main aspects of a phone security. It prevents a phone from flashing or booting arbitrary code. It also keeps the device software safe and secure from external threats. According to some reports, OnePlus 6 allow users to boot an arbitrary image of their choice. This is possible even with a locked bootloader.
According to some reports, this vulnerability was first discovered by zx2c4, a security researcher. The researcher’s name is Jason Donenfeld who is also the president of Edge Security. The vulnerability will allow anyone to access the device. It will also allow anyone to boot an arbitrary image on the device.
More about the vulnerability on OnePlus 6:
This a very serious problem as any user can modify the stock OnePlus 6 boot image. This modified boot image can be used to include things like root access and insecure ADB connection. It will provide the attacker / hacker the full control of user’s device. With the help of an external computer, a cable and enough time to restart the device into the bootloader anyone can violate the device security by just booting the modified image.
A properly locked bootloader could have prevent this vulnerability, but it seems that the company has slipped it. In order to exploit this vulnerability, an attacker will require to have the access to user’s device. The attacker will require to have physical and unsupervised access to user’s phone.
However good part is that OnePlus is aware of the vulnerability. And the company is currently working to fix it.
“We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.“
The above statement implies that the company will soon fix the vulnerability.