ALL >> Technology,-Gadget-and-Science >> View Article
Vulnerabilities In Oneplus Devices

A shockingly bad news have been emerged for the OnePlus lovers. On January 26, 2017, a security researcher, “ Roee Hay of Aleph Research “ had discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T. Roee and his team notified OnePlus team about four different vulnerabilities that they felt needed to be patched. Two of these have been marked as critical (CVE-2017–5948 & CVE-2017–8850) while the other two had their severity marked as high (CVE-2017–8851 & CVE-2016–10370). The team reported these to OnePlus in a responsible manner and with that came a 90-day disclosure deadline. Aleph Research went as far as to even extend this by 14 days, but they are still left unpatched. However, when OnePlus failed to release patches for the issues even after 90 days of responsible disclosure, and 14 days of additional ultimatum, the researcher decided to go public with the details of the vulnerabilities. One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device’s operating system ...
... to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. Let’s see what those vulnerabilities are:
OnePlus OTA Lack Of TLS Vulnerability: CVE-2016–10370.
Roee Hay have claimed that OnePlus is rolling OS and security update over an unencrypted channel. According to them, OnePlus delivers OTA (over-the-air) updates over HTTP (Hypertext Transfer Protocol) without TLS (Transport Layer Security), enabling many to perform MitM attack on the devices.
2. OnePlus OTA Downgrade Vulnerability: CVE-2017–5948
This flaw allows a remote attacker to downgrade the operating system of a targeted OnePlus device, either running on OxygenOS or HydrogenOS, to an earlier version that may contain vulnerabilities disclosed previously. Since all the OnePlus OTAs of different ROMs and products are signed by the same digital key, the device will accept and install any OTA image, even if the bootloader is locked.
Security Researcher demonstrates how we can exploit CVE-2017–5948 & CVE-2016–10370 in order to downgrade OxygenOS from 4.1.3 to 4.0.0 via MiTM.
3. Same Product ROM Crossover (CVE-2017–8850).
This flaw allows a remote attacker to replace any version of OxygenOS on a targeted OnePlus device with any version of HydrogenOS, even on locked bootloaders. This attack is possible because of the fact that both ROMs use the same OTA verification keys.
4. Different Product ROM Crossover (CVE-2017–8851).
This flaw, which only affects OnePlus X and OnePlus One, is practically same as the above two, but in this case, a remote MiTM attacker can even replace the OS (Oxygen/Hydrogen) designed for OnePlus X with the OS (Oxygen/Hydrogen) designed for OnePlus One, even on locked bootloaders. This is because both the devices use the same OTA verification keys and share the same ro.build.product system property.
“That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to the expansion of the attack surface,” Hay says. “Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed.”
All this flaws are still unpatched as on September 2017 despite of the fact that the researchers reported to the OnePlus team in January 2017 and then made it public in May 2017. ADVICE: I would Suggest Oneplus users to avoid connecting to untrusted networks or public Wi-Fi networks as exploitation requires the attacker and the targeted device to be on the same network Source: Aleph Security Found it Interesting? Follow Me Here : Taha Chatriwala Stay Secure ! Stay Happy !!
Wisemonkeys(https://wisemonkeys.info/), is an LMS platform with unique features like “Ask a question” and get it answers by experts within no time . It’s a mass initiative to spread knowledge worldwide, truly believe in “When we know knowledge is free then why not spread it.” From various sectors to industries, write your heart out and get noticed.
Explore Wisemonkeys now.(https://me.wisemonkeys.info/login)
For the Monkeys | By the Monkeys.
Add Comment
Technology, Gadget and Science Articles
1. Aumovio Makes Successful Stock Market DebutAuthor: Lochan Kaushik
2. Scraping Starbucks Coffee Trend Data For Gen Z
Author: Den Rediant
3. How A Bldc Fan With Light Enhances Home Décor And Functionality?
Author: Vikash Sharma
4. Uv Laser Marking Machine For Glass Wine Glasses
Author: Kate Green
5. Web Scraping Shopee Data For E-commerce Insights
Author: REAL DATA API
6. React.js State: A Complete Guide
Author: jatin
7. Manage Sales & Leasing With Our Advanced Real Estate Erp
Author: Focus Softnet
8. Shopee Data Scraping For Effective Business Growth Strategy
Author: Retail Scrape
9. Magicbricks And 99acres Data Scraping
Author: Actowiz Solutions
10. Real-time Shopee Product Data Scraping For Market Research
Author: REAL DATA API
11. Roi Of Professional Avatar Development: Why Quality Matters In The Metaverse
Author: LBM Solution
12. How Can Humanizing Ai Improve The Lives Of The Elderly?
Author: ada red
13. Edge Security Market Share Analysis By Offering Type
Author: Shreya
14. Scraping Real-time Grocery Prices Across Usa Platforms
Author: Den Rediant
15. Mongodb Aggregation Pipeline Optimization Guide For Mern Stack
Author: Mukesh Ram