Researchers from Aleph Security have discovered a new vulnerability in the OnePlus 3 and 3T that enables attackers to use malicious chargers to surreptitiously break into your phone – without you ever realizing it.
The attack essentially chains two previously reported bugs – namely CVE-2017-5624 and CVE-2017-5626 – to bypass the handset's defensive mechanisms and infect it with malicious code. What makes matters worse is that the hack allows attackers to cover their tracks altogether.
The researchers have successfully demonstrated their proof of concept in two separate videos:
As you can observe in the footage, the malicious charger only proceeds to infect the device once it has been fully turned off.
From this point on, attackers have temporary root access to your device, at least until the next time someone reboots it – provided it is no longer plugged into the malicious charger. This enables the attackers to replace your genuine system partition with a malicious one.
Once the replacement has been completed, the victim receives absolutely no indication that the device has been tampered with, which makes the hack particularly nasty.
While the first stage of the attack (the temporary root access) doesn't readily grant access to user data, completing the second stage (replacing the system partition) makes such sensitive information available to the attackers.
The good thing is that the vulnerability appears to be limited to the OnePlus 3 and 3T, even though the OnePlus 2 uses the same version of OxygenOS. Aleph Security has since disclosed the flaw to OnePlus, which has patched the bug in its latest OxygenOS release (4.0.3).
For those who want the technical details, the full vulnerability report, along with all the small particularities, is available on the Aleph Security blog.