By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Home
  • News
  • Technology
  • Games
  • Review
Reading: OnePlus 3 could be hacked over charger
Share
Notification Show More
Latest News
Is $12.4B a fair price for Qualtrics?
March 7, 2023
7 investors reveal what’s hot in fintech in Q1 2023
March 7, 2023
Facebook’s latest test brings back in-app messaging
March 7, 2023
I forgot how good the Apple Watch Ultra’s GPS is until I tried track detection
March 7, 2023
TechCrunch+ roundup: Building a core AI team, Brazil’s CVC climate, remote work rituals
March 7, 2023
Home
Search
  • News
  • Technology
  • Games
  • Review
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
News / Technology /

OnePlus 3 could be hacked over charger

Published March 29, 2017
Last updated: 2017/03/29 at 8:21 AM
Share

Security researchers have found a large gap in the OnePlus 3 and OnePlus 3T, with which the smartphones could apparently be hacked over a charger.

OnePlus 3

Researchers from the Aleph Security group, who find security vulnerabilities in electronic devices, had found a way to hack a OnePlus 3 or OnePlus 3T with a charger.

All that was needed was a charger which was able to operate a Linux shell – in principle, the whole thing also worked on a PC, which turned out to be a charger.

Once the OnePlus 3 is connected to the malicious charger, it could simply send the smartphone to Fastboot mode, bypass or unlock the boot loader, and secure ADB access rights (Android Debug Bridge).

From this point on, for example, the Boot logo could be exchanged in the Bootloader or a CustomROM could be played.

The researchers, however, pushed the game further and ran a shell with root privileges on the OnePlus 3.

This enabled, for example, an espionage app on the smartphone, which passed all inputs and stored data to third parties – without sacrificing the victim.

In principle, the smartphone was in the hands of the attackers from this point until the connection to the charger was disconnected and even then it could be too late.

The charger did not have access to the stored data because the data partition was separated and encrypted, but once the device was started and unlocked normally, an infected app could transfer this data via the Internet connection.

In a video, the researchers show how the vulnerability has been exploited and the system partition overwritten.

OnePlus has made changes to the source code

The security gap resulted from an incorrect ADB setting, which starts the OnePlus 3 when connected to a charger. Normally the Smartphone goes into the “Charger boot mode”, as soon as a charger is attached, which was also the case here.

However, within the initialization instances, different ADB variables were set differently, which is why the ADB access was granted.

Interestingly, the access rights to the Android Debug Bridge in the source code since Android 4.1 Jelly Bean are blocked as standard, as soon as the smartphone hangs on a charger.

OnePlus had apparently made a few changes, which caused the security gap. Why the company had changed the values in the variables does not reveal itself to the researchers.

Security gap already stuffed

However, OnePlus has already reacted and has already exchanged the affected lines in the source code in a patch, which is why this method can no longer be used.

However, the whole thing shows in a clear way that even a charger can be incredibly dangerous.

You Might Also Like

RTX 4080 Founders Edition, a first photo leaked

USB4 V2 promises twice the speed

Lenovo raises the bar for Chrome OS with the IdeaPad 5i

Starting a business or your own company in 2022

The Ryzen 9 7950X will reach a frequency of 5.85 GHz in turbo mode, almost 1 GHz more than the Ryzen 9 5950X

TAGGED: Android Jelly Bean, OnePlus 3, OnePlus 3T
Alin Pogan March 29, 2017
Share
Previous Article Download iOS 10.3 and MacOS Sierra 10.12.4 now available
Next Article MGCOOL Explorer series action camera happy sale on coolicool 
Leave a comment Leave a comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Keyboard Apps Suited for Android Devices
Technology
MGCOOL Explorer 2, built-in gyroscope to achieve image stabilization
Technology

© Giplay News Network. All Rights Reserved.

  • About
  • Advertise
  • Privacy Policy
  • Contact

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?