May 12th, 2017

Other than the ongoing saga of the OnePlus 2 not receiving the update to Android Nougat yet, all was looking good for OnePlus and its software releases. However, a new report claims that the latest version of OxygenOS leaves your OnePlus 3 or OnePlus 3T open to a pretty bad vulnerability.

According to Aleph Security, the “Man-in-the-Middle” exploit intervenes in the OTA update process to downgrade your device. When you attempt to install an update, your device can instead be taken over and a malicious version of the software installed on it, revealing tons of personal information.

There is some hope out there for your device to not be affected, as this only works if “Full Disk Encryption” is turned off. However, it seems that there has not been any response from OnePlus on the matter.

Aleph Security claims that it reported the exploits to OnePlus, but has not received any word back from the company. The issue was first reported to OnePlus back in January, and Aleph Security even offered an extended window before reporting the bug publicly, only to be ignored.

The exploit affects OxygenOS 4.1.3, which is the latest version of the software, so it’s extremely likely that your device is open to this vulnerability. We’ll have to wait and see if OnePlus decides to address this or if it will simply release a new update which patches the exploit.

[Aleph Security]
