For obvious security reasons, Android requires users to take a number of steps before they can unlock a smartphone’s bootloader and boot a modified firmware image. But with the OnePlus 6, these security measures appear to be ineffective, as anyone with physical access to the device can jump right past its locked bootloader.
As discovered by Jason Donenfeld (zx2c4 on XDA-Developers), president of Edge Security LLC, you can boot any type of modified image you like to the OnePlus 6 even when the bootloader is locked. Even crazier, as you can see from the video below, USB debugging doesn’t need to be turned on. All someone needs to do is plug the phone into their computer, restart the device into Fastboot mode, and transfer over the modified boot image.
The security vulnerability was verified by AndroidPolice, who were able to boot TWRP on their bootloader-locked OnePlus 6 without issue. As they point out, this would be a quick and easy way for someone to grant themselves root access and allow them to do whatever they like.
All of this comes on the heels of users discovering that the OnePlus 6’s face unlock feature could be tricked by a printed-out picture. Of course, these two things are in completely different realms: OnePlus warns users that face unlock is less secure than other security measures, while the ability to bypass a locked bootloader is a system-level vulnerability.
OnePlus has yet to release a statement about this problem or when a fix will become available. In the meantime, you don’t need to worry too much about someone getting into your OnePlus 6 as they would need physical access to your device.
Update: OnePlus has released the following statement, promising a quick fix:
We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.