The Tell-Tale of CVE in OnePlus Phones

Bugsbunnyy
Oct 6, 2020

Hello everyone,

I’m an ethical hacker and I’m excited to write my first blog on this platform. Recently, I found a vulnerability in OnePlus mobile phones and registered a CVE for it. This security flaw is related to OnePlus App Locker, one of the features of OnePlus smartphones. Each OnePlus phone ships with an inbuilt App Locker that can be enabled by the following steps:

Step 1: Go to Settings

Step 2: Click on Utilities

Step 3: Enable App Locker

Once you have entered the PIN, the screen where you can add the apps you want to lock is displayed as shown below.

Once you are done with the changes of your choice, close the application and open Google Assistant. Now, give the following command to Google Assistant:

“Message {Contact}”

[Note: {Contact} refers to the particular person you want to send the text to.]

Google Assistant will ask for the message that you want to send to the selected contact. Enter the required text and send it. The noticeable part is that Google Assistant sends the message without launching the SMS application, which is already locked by App Locker. You will see that the SMS is delivered to the recipient while the SMS application remains in the locked state under App Locker. In other words, App Locker gates launching the SMS application, but not the message-sending capability that Google Assistant can reach on its own.

After opening the application, I found that the message had actually been sent without proper authentication.

Video POC of The Attack

https://youtu.be/62GfSVpRhVE

Edits — Aashish Goela
