{"id":164626,"date":"2025-09-27T21:47:15","date_gmt":"2025-09-27T21:47:15","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/164626\/"},"modified":"2025-09-27T21:47:15","modified_gmt":"2025-09-27T21:47:15","slug":"your-oneplus-phone-is-probably-at-risk-from-a-major-sms-vulnerability","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/164626\/","title":{"rendered":"Your OnePlus phone is probably at risk from a major SMS vulnerability"},"content":{"rendered":"<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">The majority of OnePlus phones in use today may be vulnerable to a security flaw that leaves SMS and MMS data exposed, and it won\u2019t be patched until mid-October. Only OnePlus phones still running 2020\u2019s OxygenOS 11 or earlier are believed to be safe from the flaw.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Security company Rapid7 was <a href=\"https:\/\/www.rapid7.com\/blog\/post\/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed\/\" rel=\"nofollow noopener\" target=\"_blank\">first to discover the vulnerability<\/a>, which relates to changes OnePlus made to the Telephony service within Android. The long and short of it is that it would allow installed apps to access SMS data \u201cwithout permission, user interaction, or consent.\u201d The company found the flaw on devices running OxygenOS 12, 14, and 15, though reported that the older OxygenOS 11, based on Android 11, is not vulnerable. While Rapid7 only tested two types of hardware \u2014 the OnePlus 8T and 10 Pro 5G \u2014 it says the flaw \u201caffects a core component of Android,\u201d and so is unlikely to be hardware-specific.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">OnePlus has admitted to the issue, but in a statement given to <a href=\"https:\/\/9to5google.com\/2025\/09\/25\/oneplus-devices-have-a-big-sms-vulnerability-but-a-patch-is-finally-on-the-way\/\" rel=\"nofollow noopener\" target=\"_blank\">9to5Google<\/a> by an unnamed spokesperson it says a fix won\u2019t arrive until mid-October at the earliest.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup ewrhy38 _1xwtict1\">We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Rapid7 announced the discovery on its blog on Monday this week, but OnePlus didn\u2019t respond until Wednesday. Rapid7 says it tried and failed to contact OnePlus privately to discuss the problem, and only turned to a public disclosure after also ruling out the company\u2019s bug bounty program because of its \u201crestrictive Non Disclosure Agreement.\u201d<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Until the flaw is patched, Rapid7 recommends that OnePlus device owners should only install apps from trusted sources, uninstall any unnecessary ones, switch to encrypted messaging apps, and use authenticator apps rather than SMS-based two-factor authentication.<\/p>\n","protected":false},"excerpt":{"rendered":"The majority of OnePlus phones in use today may be vulnerable to a security flaw that leaves SMS&hellip;\n","protected":false},"author":2,"featured_media":164627,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[2306,50,17502,227,86,56,54,55],"class_list":{"0":"post-164626","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-mobile","9":"tag-news","10":"tag-oneplus","11":"tag-tech","12":"tag-technology","13":"tag-uk","14":"tag-united-kingdom","15":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/164626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=164626"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/164626\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/164627"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=164626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=164626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=164626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}