This article was published on March 27, 2017

OnePlus 3 bug allowed attackers to hack your phone with malicious chargers


OnePlus 3 bug allowed attackers to hack your phone with malicious chargers

Researchers from Aleph Security have discovered a new vulnerability in OnePlus 3 and 3T that enabled attackers to use malicious chargers to surreptitiously break into your phone – without you ever realizing.

The attack essentially relies on two previously reported bugs – namely CVE-2017-5624 and CVE-2017-5626 – to bypass your handset’s defensive mechanisms and infect it with malicious code. What makes matters worse is that the hack allows for attackers to cover their tracks altogether.

The researchers have successfully demonstrated their proof of concept in two separate videos:

As you can observe in the footage, the malicious charger only proceeds to infect the device once it has been fully turned off.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

From this point on, attackers have temporary root access to your device at least until the next time someone reboots the device – granted it’s no longer plugged to the malicious charger. This enables the attackers to replace your genuine system partition with a malicious one.

Once the replacement has been completed, the victim receives absolutely no indication that the device has been tampered with, which makes the hack particularly nasty.

While the attack doesn’t readily grant access to user data during the first step, completing the second step will make such sensitive information available to the hackers.

The good thing is that the vulnerability appears to be limited only to OnePlus 3 and 3T, even though OnePlus 2 uses the same version of OxygenOS. Aleph Security has since detailed and disclosed the flaw to OnePlus, which has successfully patched the bug in its latest reiteration (4.0.3) OxygenOS.

For those more technically advanced, you can find the full vulnerability report along with all the small particularities at the Aleph Security blog here.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with