In a vulnerability discovered by XDA member zx2c4 (via Android Police) who is also a security researcher named Jason Donenfeld and president of Edge Security, it seems that the bootloader has a vulnerability that allows anyone to load up codes onto it, even if it was locked. This vulnerability has since been confirmed by the folks at Android Police.
The semi-good news is that this vulnerability would require the attacker to have full access to your device physically, which means that as long as your phone is with you at all times, you should in theory be safe from this particular threat. However since no one wants to baby their phones all the time, a fix is ultimately the best way to address this, something that OnePlus has promised.
In a statement made to Android Police, the company has promised that a fix is on its way. “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”
- 402 PPI
- f/1.7 Aperture
- No Wireless Charg.
- Snapdragon 845