OnePlus has started rolling out the latest November 2021 security update to the OnePlus 9 series and Nord N200. However, the company has left behind an easy to exploit backdoor within OnePlus Nord 2 which offers ROOT Shell access to anyone without unlocking the Bootloader.
OnePlus is keeping OxygenOS alive and well, for now. On one hand, the company is actively sending out Security Updates, but on the other, it has left a vulnerability that grants Root Shell access.
November 2021 security update out for the OnePlus smartphones:
OnePlus recently rolled out OxygenOS 12 Open Beta 2 for the OnePlus 9 and OnePlus 9 Pro. Now, OxygenOS 18.104.22.168 is rolling out to the OnePlus 9 and OnePlus 9 Pro.
The update is about 119MB in size, which may appear small, but OnePlus claims it includes an optimized app experience, November security patches, and improved system stability. The latest Security Update is gradually rolling out to users in India, Europe, and other markets.
— National Cyber Security (@NcsVentures) November 26, 2021
OnePlus hasn’t offered many details about the update. The changelog is as follows:
- Optimized the third-party app experience
- Updated Android security patch to 2021.11
- Improved System stability and fixed known issues
Oneplus 9 Pro Software Update: OxygenOS 22.214.171.124 with November 2021 Security Patch
— Updatify Now (@updatifynow) November 26, 2021
In addition to the OnePlus 9 series, OnePlus is also rolling out a new update to the Nord N200. It’s a minor update that bumps the security patch level to November 2021 and includes “general improvements.”
- Android security patch upgraded to November 2021
- General improvements
OnePlus leaves behind Root Shell Vulnerability within Nord 2 granting easy access to Superuser without unlocking Bootloader:
OnePlus doesn’t allow users to flash an “Update” ZIP package through its stock recovery via ADB sideload. Hence, a regular OnePlus device’s recovery environment should be safe while delivering any kind of payload using ADB.
However, researchers have reportedly discovered that anyone can spawn an Android debugging shell with root privilege inside the recovery environment of the OnePlus Nord 2.
To gain ROOT access privileges, OnePlus Nord 2 owners merely need to reboot the device into its Recovery Mode. Concerningly, users need not even enter the Recovery Mode completely, as the vulnerability section is already active and usable.
OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe https://t.co/HGNVhBAhWw
— XDA (@xdadevelopers) November 26, 2021
At the language selection menu of the Recovery Mode, connect the OnePlus Nord 2 to a PC. There should be a new Android USB debugging interface in the Device Manager.
Now run the command: adb devices. It should list the Nord 2 in recovery mode. Owners may receive a “device unauthorized” error. However, wiping out the host PC’s existing ADB RSA key database and restarting the ADB server should eliminate the same.
To gain Root access, merely execute the command: adb root.
Owners may receive a Timeout Error. However, ADB should be running as ROOT. Run adb shell whoami to confirm.
Needless to mention, ROOT access is quite dangerous in the hands of an inexperienced user. Such high-level access could open doors to exploits and data exfiltration.
It appears OnePlus is aware of the security loophole. Hence, it is merely a matter of time before the company patches the same.