OnePlus 6 has bootloader flaw that allows aribtrary or modified images to boot even when locked

A locked bootloader is supposed to protect the original software loaded on your phone, preventing you from booting arbitrary or modified images placed on the device. However, a vulnerability with the bootloader on the OnePlus 6 will allow you to boot arbitrary or modified images even if the bootloader is locked. This flaw was discovered by XDA member Jason Donenfeld, who is president of Edge Security LLC.

To take advantage of the vulnerability, a hacker needs to not only have physical access to your OnePlus 6, he also has to have your phone hooked up with a PC. From there, it is a simple matter of restarting the handset in Fastboot and loading the modified image. Android Police was able to install the TWRP recovery on a OnePlus 6 even with the bootloader locked. This could allow some ne'er do well to give themselves root access to your device and have his/her way with the handset.

If you're like many of us and you worry about sharing your phone with anyone (including family members) for fear that it will end up with a cracked screen on the floor, drenched from a swim in the toilet, or melted on the stove, you probably shouldn't worry about this too much. After all, this group of smartphone owners usually have their phones on them 24/7, or at least always know where they are at all times.

OnePlus has issued a statement today, stating that it plans on talking to Mr. Donenfeld and promising to issue a software update.

source: XDA

Related phones

  • Display 6.3" 1080 x 2280 pixels
  • Camera 16 MP / 16 MP front
  • Processor Qualcomm Snapdragon 845, Octa-core, 2800 MHz
  • Storage 256GB
  • Battery 3300 mAh



1. ishaqthkr

Posts: 159; Member since: Mar 26, 2015

That's more open than Mia Khalifa then

2. ijuanp03

Posts: 686; Member since: Dec 30, 2014

What would you expect from a cheap company.

5. Zylam

Posts: 1823; Member since: Oct 20, 2010

The story of Android, choice at the cost of quality,

7. iushnt

Posts: 3174; Member since: Feb 06, 2013

You are generalizing whole android with it.

12. deleon629 unregistered

At the cost of not-so-obvious planned obsolesce, seeing features magically disappear & prices magically increase with each generation, no bending...Need I say more?

24. andrewc31394

Posts: 310; Member since: Jun 23, 2012

oh snap Apple fanboy startin' a fire in the comments section lol

11. deleon629 unregistered

My thoughts exactly. To all the happy customers who didn't think the specs & price was just too good to be true. Moral is: You get exactly what you pay for.

3. Botnet64

Posts: 20; Member since: Apr 09, 2018

KeyTwo : two expensive OnePlus 6 : “pro-consumer” priced magic machine

4. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

Face unlocked by photos and now this?

8. mootu

Posts: 1541; Member since: Mar 16, 2017

Bit like Face ID that has been unlocked by masks, relatives, non relatives who look similar to the owner etc. OnePlus only charges you half of the price of the X for the privelage though so it's all fine.

14. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

multi million dollar masks created meticulously and tediously by professionals vs a photo off the internet or someones living room... LOL ok. twins, yes, good job! I'll pass on the cheap chinese company.

17. RebelwithoutaClue unregistered

Multi million dollar masks? Hahaha that is a good one. More like 20 bucks. Not even a professional one, just a normal person.

20. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

Do some research, you sound of low intelligence.

21. RebelwithoutaClue unregistered

Don't need to do research, there was an article about it and there was no need to spend millions. Are you that insecure that you need to get personal instead of coming with good arguments? Seems you suffer from the Dunning–Kruger effect, but that's okay.

22. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

The mask costed $150 in materials but over a million dollars in a required sophisticated facial scanning system to produce data for said mask. Educate yourself, fool. /unfollowed for wasting my time here with a clown.

23. RebelwithoutaClue unregistered

Not true, they used a pretty simple handheld scanner. Which doesn't cost millions in dollars. Not even close. So keep telling yourself this and perhaps it will come true some day. Awwww this one is butt-hurt hahaha. You're too funny

6. Cyberchum

Posts: 1133; Member since: Oct 24, 2012

That is a threatening flaw, but dev communities' dream, however.

9. Loveneesh

Posts: 451; Member since: Jul 14, 2015

Changeable bootloader even when the bootloader is locked. Reminds me of cyanogen OS. the best customizable os and even based on stock Android not on ios inspired heavy skins. I firstly root my phone and install cyanogen in almost every phone I had. Lineage OS is no way near the cyanogenmod was and doesn't feel that cool now.

10. VasiliS7

Posts: 204; Member since: Jan 10, 2017

They are busy with the speed no time for security.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless