The Tell-Tale of CVE in OnePlus Phones
Hello everyone,
I’m an ethical hacker, and I’m excited to write my first blog post on this platform. Recently I found a vulnerability in OnePlus mobile phones and registered a CVE for it. The flaw concerns App Locker, one of the built-in features of OnePlus smartphones. Every OnePlus phone ships with an App Locker that can be enabled with the following steps:
Step 1: Go to Settings
Step 2: Click on Utilities
Step 3: Enable App Locker
Once you have entered the PIN, the screen where you can add the apps you want to lock is displayed as shown below.
Once you have added the apps of your choice, close the application and open Google Assistant. Now give Google Assistant the following command:
“Message {Contact}”
[Note: {Contact} is the person you want to send the text to]
Google Assistant will ask for the message you want to send to the selected contact. Enter the text and send it. The notable part is that Google Assistant sends the message without launching the SMS application, which is locked by App Locker. The SMS is delivered to the recipient while the SMS application remains in the locked state under App Locker. In other words, the lock gates only the launch of the SMS app’s own interface; sending a message through another app is not covered by it.
After opening the SMS application, it was found that the message had indeed been sent without the App Locker authentication being required.
Video POC of The Attack
Edits — Aashish Goela