OnePlus has always been in the news, but mostly for good reasons. However, this time, it’s not for good. Recent reports suggest that the company’s offerings have been exposed to insecure channels. As such, an intruder could actually affect your smartphone while using GPS. Sounds kind of confusing, no? Well, read on, and let’s find out what the entire issue is all about.
OnePlus phones downloading GPS data over insecure channels
A new report from PiunikaWeb suggests that the Chinese giant’s devices download some GPS data over insecure channels. In technical terms, they are downloading the almanac data via insecure HTTP channels. The issue was verified with the help of LineageOS contributor Louis Popi aka h2o64, and a bug report was filed to the OnePlus Forum in February.
According to the report, an intruder could modify the position data on your smartphone’s GPS. Thus, leading you to a completely different route. “Imagine a situation – you are using your phone’s GPS to navigate. Meanwhile, a network-level attacker from their secret hideout is doing a man-in-the-middle attack and modifying the position data to guide you to a completely different path,” noted the report.
So what’s next?
The report certainly sounds alarming. However, certain steps regarding this have already been taken. OnePlus community moderator Funk Wizard acknowledged and escalated the issue that was reported in February a little later. In fact, OnePlus has officially stated that the issue will be fixed “in the upcoming updates”. The company also claim that the reported code isn’t executing as suggested, but PiunikaWeb’s proofs certainly suggest otherwise. Nonetheless, we hope OnePlus to issue an update soon. We will update this article once we get a word from OnePlus directly, so make sure to stay tuned to Mr. Phone.