Cyanogen Inc aims to fix recently discovered OpenSSL vulnerabilities before OnePlus One launch

Cyanogen Inc

The saga of OnePlus and their supposed flagship killer continues to spiral into odd corners of the Internet with the most recent murmurs coming from OnePlus themselves, announcing yet another delay. Lucky users recently received an email from OnePlus stating that they were now able to purchase the OnePlus One, however the exact ship date was unknown due to “perfecting some final issues” in their software. While this sure sounds like software is to blame, Cyanogen Inc’s Abhisek Devkota took to Reddit to set the record straight.

On June 5th, an OpenSSL security bulletin was posted, alerting the world that multiple vulnerabilities had been discovered in their software. An attacker could use these exploits to decrypt and listen in on traffic between clients and servers (man-in-the-middle), another exploit could allow denial of service attacks, another vulnerability could allow a hacker to run code on an exploitable device, and the list goes on and on.

Seeing as CyanogenMod includes major features to protect the privacy and security of their users, such as Privacy Guard and WhisperPush, Cyanogen Inc decided to include the patches and corrections for those vulnerabilities to uphold their stance on these matters. As a result, the final firmware needed to go through the quality assurance and certification process again. This was most likely a tough decision to purposefully delay a product that that Cyanogen Inc has been working on for such a long time, however protecting their end users from known vulnerabilities, that they are able to fix, is more important and the right course of action.

So, hold your pitchforks. Blaming Cyanogen Inc for the OnePlus One delay is actually a good thing. The real question we should be asking ourselves is, why did OnePlus elude to software issues, using CyanogenMod 11S as a scapegoat for their production woes? While they didn’t come out and say Cyanogen Inc was to blame, they left their official stance on the issue wide open to interpretation and didn’t comment on countless CyanogenMod delay rage posts that cluttered their official forums.

underthebus

In the future I hope that OnePlus and Cyanogen Inc can work more closely together to report issues like these before they turn into this unneeded shitstorm. With more transparency, everyone wins.

Source: Reddit

Continue reading:

TAGS: , , ,



  • lolwut

    Ok this is actually pretty awesome of them. Big OEMs would have shipped as-is and patched later. They’re being pretty transparent and we should start to cut them some slack!

    • http://google.com/+derekross Derek Ross

      Agreed. Let’s wait and see how long it takes for Android 4.4.3 to roll out to the OnePlus One before web bring out our pitchforks.

      • irishrally

        I’m guessing around 3 months. I wonder if they have the infrastructure set up to efficiently roll out OTA updates yet.

        Edit: I guess they already rolled out some updates to the first 100 contest winners.

    • Carl Rood

      And why do they do that? Because in business, missing target dates costs you more customers than hitting those dates and fixing later. Even when its absolutely necessary for something like a safety issue, people always remember the delay, not the reason.

      Think about the last time you were sitting for hours in an airport terminal? Did you feel thankful that the safety procedures were followed or were you just annoyed that you had to wait around for your plane?

    • Tony Lai

      lol, to me it’s just excuses because they probably don’t even have the hardware ready out of the factory!

  • BronzeLincolns

    despite this little set back they’re still on track for end of june availability. some have reported oneplus online support saying their ordered phones will ship friday. don’t know if that’s for everyone or for certain countries however.

  • KOLIO

    Any word on your OPO yet Derek?

    • http://google.com/+derekross Derek Ross

      I gave my invite away to a friend. The invite was for 64gb version only. I had wanted the 16gb version. At this point in the game honestly I don’t want to spend money on this phone. I had wanted it badly a month ago… now I’m willing to wait 2 or 3 more months for a follow up to the Moto X. I’m sitting happily with Android 4.4.3 and as a fanboy, it’s hard to downgrade.

      • irishrally

        You bailed on the Find 7?

        • Dwight

          He bailed on the oneplus one (the topic of this article…)

          • irishrally

            *yawn* he did a review on the Find 7 and was using it as a daily.

          • http://google.com/+derekross Derek Ross

            Correct! I loved the hardware but ultimately the software made me leave it. I’m a stock Android kind of guy. Even with with CM11S ROM for it, there was a bug or two (because it was a port) that I didn’t want to deal with anymore.

          • Dwight

            Oh yeah I’d forgotten about that. My bad for thinking you were an idiot. :)

        • http://google.com/+derekross Derek Ross

          Still have the Find 7a. I’m running an OmniROM build on it for kicks right now. I used it for about a month and a half before going back to my Moto X.

      • KOLIO

        VERY COOL of you to pass the invite along!

  • Vermont

    Is Cyanogen Inc building a “separation kernel” into its OS for the OnePlus One?

  • BronzeLincolns

    phones are now starting to ship out

    • domatau

      Source?

      • JMS55C

        Some people who bought the phone got shipping notices. It’s on their forum right now.

        • http://google.com/+derekross Derek Ross

          Correct. I’ve seen a few of my friends post notifications.

  • Tony Lai

    They just want to make up excuses to buy themselves time before all the invitation quantity of hardware comes out from the factory, LOL~ like 1000 units? hahahh