OnePlus Nord 2 is exposed to a dangerous vulnerability

From time to time vulnerabilities emerge that afflict the various devices available on the market and in the past few hours this has also happened to OnePlus Nord 2, which has a problem for which the Chinese manufacturer has not yet released a specific patch.

In particular, the vulnerability in question requires physical access to the device and the attacker on duty thanks to it has the possibility of obtaining an unrestricted root shell before the user can even enter their credentials.

OnePlus Nord 2 has a serious security problem

OnePlus no longer allows users to flash an update ZIP package via ADB sideloading stock recovery, and assuming everything else is configured as it should, the recovery environment of a regular Chinese manufacturer device should be al safe from any attackers providing any kind of payload using ADB.

Unfortunately, in the case of OnePlus Nord 2 this system runs into some problems and, apparently, anyone can generate an Android debug shell with root privileges within the recovery environment of that smartphone – all that needs to be done is to restart it in its recovery mode (an attacker can take the device and use a simple combination of hardware buttons to force it to switch to that mode).

Join RealMi Central on Telegram, Facebook & Twitter

This vulnerability was discovered last month by a member of the XDA Developers community who explained that it is sufficient to press the low volume and power keys at the same time when the OnePlus Nord 2 is off until you see the OnePlus logo with a small banner. “RECOVERY MODE” in the lower-left corner of the screen and then the menu for choosing the language should be displayed, beyond which it is not necessary to go, as it is possible to start the ADB access already from this point.

It seems that every model of the OnePlus Nord 2 is vulnerable and the developer team of the Chinese manufacturer, already informed of the problem, immediately set to work to find a solution to it, to be implemented through a future update. Until that moment, the owners of this smartphone must be careful not to leave their phone in the physical availability of those who can be considered “dangerous”.

Leave a Comment