CVE-2017-8850 : What You Need to Know

Discover the impact of CVE-2017-8850 on OnePlus devices including One, X, 2, 3, and 3T. Learn about the vulnerability allowing attackers to switch ROMs and exploit patched vulnerabilities.

A vulnerability has been discovered on multiple OnePlus devices including OnePlus One, X, 2, 3, and 3T due to a lenient updater-script in the OnePlus OTA images and the use of the same OTA verification keys for both ROMs. This vulnerability allows attackers to install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, expanding the attack surface.

Understanding CVE-2017-8850

This CVE highlights a security issue on various OnePlus devices that can be exploited by attackers during the update process.

What is CVE-2017-8850?

The vulnerability arises from the lenient updater-script in OnePlus OTA images and the shared OTA verification keys between ROMs, enabling attackers to switch between ROMs and exploit vulnerabilities across different images.

The Impact of CVE-2017-8850

        Attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, leading to an expanded attack surface.
        Man-in-the-Middle (MitM) attackers can exploit the vulnerability during the update process.
        The absence of TLS during the update transaction exposes devices to potential attacks.
        Physical attackers can use 'adb sideload' to push the OTA if 'Secure Start-up' is disabled on OnePlus 3/3T.

Technical Details of CVE-2017-8850

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

The vulnerability allows one OnePlus ROM to be installed over the other, so an attacker can move a device to an image that still contains a vulnerability already patched in the ROM it was running.

Affected Systems and Versions

        Affected devices: OnePlus One, X, 2, 3, and 3T.
        All versions are impacted due to the shared OTA verification keys.

Exploitation Mechanism

        Attackers exploit the lenient updater-script to switch between ROMs.
        Man-in-the-Middle attackers target the update process to carry out attacks.
        Physical access allows attackers to push OTA updates using 'adb sideload'.

Mitigation and Prevention

Protecting devices from CVE-2017-8850 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Ensure 'Secure Start-up' is enabled on OnePlus 3/3T.
        Regularly monitor for unauthorized ROM installations.
        Implement secure update mechanisms.
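
An added example, not OnePlus or AOSP code, of the identity check a lenient updater-script omits: after signature verification, the updater refuses a package whose metadata does not match the installed device and ROM. The entry path and the pre-device key follow the standard AOSP OTA layout; the rom-family key, the helper names and all sample values are assumptions made for this sketch.

```python
import io
import zipfile

METADATA_PATH = "META-INF/com/android/metadata"  # standard AOSP OTA metadata entry


def read_ota_metadata(ota_bytes):
    """Return the key=value pairs from an OTA zip's metadata entry."""
    with zipfile.ZipFile(io.BytesIO(ota_bytes)) as ota:
        text = ota.read(METADATA_PATH).decode("utf-8")
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, value in pairs}


def check_ota(installed, ota_bytes):
    """Return the reasons to refuse the package; an empty list means accept.

    Run this only after signature verification: with signing keys shared
    between ROMs, a valid signature does not say which ROM the package holds.
    """
    try:
        meta = read_ota_metadata(ota_bytes)
    except (KeyError, zipfile.BadZipFile):
        return ["missing or unreadable metadata"]
    reasons = []
    if meta.get("pre-device") != installed["device"]:
        reasons.append("package built for a different device")
    # 'rom-family' is a hypothetical key; a missing value fails closed.
    if meta.get("rom-family") != installed["rom_family"]:
        reasons.append("package belongs to a different ROM")
    return reasons


def make_sample_ota(**fields):
    """Build a constructed OTA zip that holds only a metadata entry."""
    lines = "".join(f"{k.replace('_', '-')}={v}\n" for k, v in fields.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ota:
        ota.writestr(METADATA_PATH, lines)
    return buf.getvalue()


# Constructed sample values, not taken from real OnePlus images.
INSTALLED = {"device": "OnePlus3", "rom_family": "OxygenOS"}

if __name__ == "__main__":
    cross = make_sample_ota(pre_device="OnePlus3", rom_family="HydrogenOS")
    print(check_ota(INSTALLED, cross))
```
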

Long-Term Security Practices

        Enable secure boot mechanisms to prevent unauthorized ROM installations.
        Conduct security audits to detect vulnerabilities.

Patching and Updates

        Apply official patches and updates from OnePlus to address the vulnerability.
