At the end of May, the Face Unlock function turned out to be easy fool on the OnePlus 6, allowing users to simply use a photo of the owner to access the smartphone. Today it appears that the OnePlus 6 is again vulnerable.
A smartphone is equipped with a locked (secured) boot loader, so that the device can not just be booted or flashed when it is hung on a computer. It now appears, however, that the OnePlus 6 lacks this function, so that anyone with a little understanding of things can just get access to the smartphone.
This appears from a study by Jason Donenfeld, president of Edge Security, reports XDA Developers . Also Android Police indicates that self testing shows that the device has a major security risk. Malicious persons only need physical access to the smartphone to break into.
Bootloader does not appear to be locked
So make sure that you do not just lend your OnePlus 6, because malicious people with knowledge of business can easily abuse this. A computer, cable and enough time to restart the device in bootloader / fastboot mode and put a custom image on it is enough. Normally the bootloader should be locked so that this is not possible. OnePlus has now responded to the news and indicates the following:
We take security seriously at OnePlus. We are in contact with the security researcher and a software update will be rolling out shortly.