PT-2017-16780 · Oneplus · Hydrogenos+5

Roee Hay · Published 2017-05-11 · Updated 2019-10-03 · CVE-2017-5948

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

OnePlus devices (One, X, 2, 3, and 3T) running OxygenOS and HydrogenOS (affected versions not specified)

Description

The issue allows for downgrade attacks due to a lenient 'updater-script' in OTAs that does not check the current version against the given image's version. This enables downgrades to occur even on locked bootloaders and without triggering a factory reset, potentially exploiting now-patched vulnerabilities and accessing user data. The vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process, as the update transaction does not occur over TLS. Additionally, a physical attacker can reboot the phone into recovery and use 'adb sideload' to push the OTA, provided 'Secure Start-up' is off on OnePlus 3/3T devices.

Recommendations

For OnePlus One, X, 2, 3, and 3T devices running OxygenOS and HydrogenOS, consider disabling the OTA update feature until a patch is available to prevent potential downgrade attacks. Restrict physical access to the devices to minimize the risk of exploitation by a physical attacker. Avoid using public or unsecured networks for updating the devices to reduce the risk of Man-in-the-Middle attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
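
A defender-side check for the missing version comparison described above, as an added example that is not part of the original advisory or of OnePlus code: it inspects an OTA zip for an AOSP-style timestamp guard in its updater-script. The file paths, the post-timestamp metadata key and the less_than_int(..., getprop("ro.build.date.utc")) guard form are AOSP conventions assumed here; audit_ota, make_ota and the sample scripts are hypothetical and constructed.

```python
import io
import re
import zipfile

SCRIPT = "META-INF/com/google/android/updater-script"  # AOSP layout (assumption)
METADATA = "META-INF/com/android/metadata"             # AOSP layout (assumption)

# AOSP-style guard: abort when the package timestamp is older than the running build's.
GUARD = re.compile(
    r'less_than_int\(\s*(\d+)\s*,\s*getprop\("ro\.build\.date\.utc"\)\s*\)[^;]*\|\|\s*abort\(',
    re.S)

def audit_ota(blob, device_build_utc):
    """Return (verdict, detail) for an OTA zip given the device's ro.build.date.utc."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        names = set(z.namelist())
        script = z.read(SCRIPT).decode("utf-8", "replace") if SCRIPT in names else ""
        meta = z.read(METADATA).decode("utf-8", "replace") if METADATA in names else ""
    fields = dict(l.split("=", 1) for l in meta.splitlines() if "=" in l)
    ts = fields.get("post-timestamp", "")
    guard = GUARD.search(script)
    if not guard:
        older = ts.isdigit() and int(ts) < device_build_utc
        return ("NO_GUARD", "script has no version check"
                + ("; package is older than device build" if older else ""))
    if ts.isdigit() and int(guard.group(1)) != int(ts):
        return ("GUARD_MISMATCH", "guard timestamp differs from metadata")
    if int(guard.group(1)) < device_build_utc:
        return ("REJECTED_BY_GUARD", "script would abort on this device")
    return ("OK", "guard present, package not older than device")

def make_ota(script, timestamp):
    """Build a constructed sample OTA zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(SCRIPT, script)
        z.writestr(METADATA, "post-timestamp=%d\n" % timestamp)
    return buf.getvalue()

# Constructed samples, not taken from any real OnePlus package.
LENIENT = 'ui_print("Installing...");\nset_progress(1.0);\n'
GUARDED = ('(!less_than_int(1480000000, getprop("ro.build.date.utc"))) || '
           'abort("Can\'t install this package over newer build.");\n' + LENIENT)

if __name__ == "__main__":
    for name, s in (("lenient", LENIENT), ("guarded", GUARDED)):
        print(name, audit_ota(make_ota(s, 1480000000), device_build_utc=1490000000))
```

A NO_GUARD verdict on a package older than the device build is the condition the description calls a lenient updater-script; the guard only helps if the package itself is signature-verified, which this check does not cover.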

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-5948

Affected Products

Hydrogenos
Oneplus 2
Oneplus 3
Oneplus One
Oneplus X
Oxygenos