wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Vulnerabilities in OnePlus Devices

profile
Taha Chatriwala
Sep 05, 2017
0 Likes
2 Discussions
396 Reads
A shockingly bad news have been emerged for the OnePlus lovers. On January 26, 2017, a security researcher, “ Roee Hay of Aleph Research “  had discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T.  Roee and his team notified OnePlus team about four different vulnerabilities that they felt needed to be patched. Two of these have been marked as critical (CVE-2017-5948 & CVE-2017-8850) while the other two had their severity marked as high (CVE-2017-8851 & CVE-2016-10370). The team reported these to OnePlus in a responsible manner and with that came a 90-day disclosure deadline. Aleph Research went as far as to even extend this by 14 days, but they are still left unpatched. However, when OnePlus failed to release patches for the issues even after 90 days of responsible disclosure, and 14 days of additional ultimatum, the researcher decided to go public with the details of the vulnerabilities. One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device’s operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. Let’s see what those vulnerabilities are:
  1. OnePlus OTA Lack of TLS Vulnerability: CVE-2016-10370.

Roee Hay have claimed that OnePlus is rolling OS and security update over an unencrypted channel. According to them, OnePlus delivers OTA (over-the-air) updates over HTTP (Hypertext Transfer Protocol) without TLS (Transport Layer Security), enabling many to perform MitM attack on the devices.
  1. OnePlus OTA Downgrade Vulnerability: CVE-2017-5948.

This flaw allows a remote attacker to downgrade the operating system of a targeted OnePlus device, either running on OxygenOS or HydrogenOS, to an earlier version that may contain vulnerabilities disclosed previously. Since all the OnePlus OTAs of different ROMs and products are signed by the same digital key, the device will accept and install any OTA image, even if the bootloader is locked.   https://youtu.be/DnHwPQnv3N0 Security Researcher demonstrates how we can exploit CVE-2017-5948 & CVE-2016-10370 in order to downgrade OxygenOS from 4.1.3 to 4.0.0 via MiTM.
  1. Same product ROM Crossover (CVE-2017-8850).

This flaw allows a remote attacker to replace any version of OxygenOS on a targeted OnePlus device with any version of HydrogenOS, even on locked bootloaders. This attack is possible because of the fact that both ROMs use the same OTA verification keys.
  1. Different product ROM Crossover (CVE-2017-8851).

This flaw, which only affects OnePlus X and OnePlus One, is practically same as the above two, but in this case, a remote MiTM attacker can even replace the OS (Oxygen/Hydrogen) designed for OnePlus X with the OS (Oxygen/Hydrogen) designed for OnePlus One, even on locked bootloaders. This is because both the devices use the same OTA verification keys and share the same ro.build.product system property.  
"That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to the expansion of the attack surface," Hay says. "Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed."
  All this flaws are still unpatched as on September 2017 despite of the fact that the researchers reported to the OnePlus team in January 2017 and then made it public in May 2017. ADVICE:  I would Suggest Oneplus users to avoid connecting to untrusted networks or public Wi-Fi networks as exploitation requires the attacker and the targeted device to be on the same network Source: Aleph Security Found it Interesting? Follow Me Here : Taha Chatriwala Stay Secure ! Stay Happy !!

Comments ()


Sign in

Read Next

How to Grow Your Brand on YouTube Without a Big Budget

Blog banner

Why Dry Fruits Make the Perfect Gifting Choice for Every Occasion?

Blog banner

Importance of education

Blog banner

Steps to create an Ubuntu EC2 Instance with GUI in AWS

Blog banner

Data Science in Healthcare: Predicting Diseases

Blog banner

How Harshad Valia International School is nurturing India’s Young Minds?

Blog banner

Blockchain uses and use cases

Blog banner

Yoga in INDIA and ABROAD

Blog banner

Why Makhana Is Becoming India’s Favourite Healthy Snack?

Blog banner

FIREWALL

Blog banner

Components of GIS

Blog banner

Data Science in Healthcare: Predicting Diseases

Blog banner

Technical Challenges and Directions for Digital Forensics

Blog banner

Telegram and it's features

Blog banner

Importance of Morning Routines for Students During the Festive Season

Blog banner

Introduction to Data Science: Life Cycle & Applications

Blog banner

WomenEmpowerment

Blog banner

Session Hijacking Techniques

Blog banner

Digital Footprints An Emerging Dimension of Digital Inequality

Blog banner

Deadlocks

Blog banner

Guidelines for a low sodium diet.

Blog banner

LinkedIn: Watch out for these 7 upcoming updates in 2023

Blog banner

Top 4 Places To Stay In Copenhagen

Blog banner

The Lunchbox That Came Back Untouched — How to Handle a Fussy Eater at Preschool Age

Blog banner

GIS Applications: How Different Industries are Leveraging Geospatial Data

Blog banner

10 Alien Encounters and Abduction Stories

Blog banner

Digital black market or dark net poses a national security threat?

Blog banner

Different types of scam Fraud

Blog banner

Why Peace River Is Florida’s Most Underrated Outdoor Adventure Destination?

Blog banner

Real Time Scheduling

Blog banner

Why You Should Not Use Free VPNs

Blog banner

CoWIN

Blog banner

What is service level Agreement?

Blog banner

Understanding Portion Control: How Much Food Do You Really Need?

Blog banner

The War With Cold On Earth

Blog banner

Digital Balance: Keeping Children Mindful in the Screen Age

Blog banner

A Brief Review on Cyber Forensics and its Analysis Tool

Blog banner

Network Forensics Tools and Techniques

Blog banner

Blockchain

Blog banner

Internet of Things

Blog banner

What is thread and alse multithreading

Blog banner

Therapy Myths That Need to End in 2025

Blog banner