This time, the company has left a rather interesting (read: worrying) vulnerability unpatched on the OnePlus Nord 2 since its release.

Although exploiting the loophole requires physical access to the device, the attacker can effectively gain an unrestricted root shell before the user can even enter their credentials.

Nowadays, when we talk about having root access on an Android smartphone, people usually think about patching the stock boot image with Magisk first and then flashing the patched image to the target device after bootloader unlocking?

Even on a userdebug build, the Android Debug Bridge Daemon (adbd) runs as root, so that one can have privileged shell access for debugging purposes.

Other than that, there is no ADB access permitted in an OEM-provided recovery environment.

Assuming that everything else is configured as it should, a regular OnePlus device’s recovery environment should be safe from attackers delivering any kind of payload using ADB.

As it turns out, anyone can spawn an Android debugging shell with root privilege inside the recovery environment of the OnePlus Nord 2.

All you need to do is reboot the OnePlus Nord 2 to its recovery mode.

Last but not least, even if you don’t have developer options unlocked, the phone will automatically prompt for USB debugging access after you invoke ADB in recovery and reboot to the regular Android environment, which means the vulnerability’s scope is not limited to just the recovery section only.

As mentioned earlier, you can exploit this vulnerability on both the regular and the special Pac-Man edition of the OnePlus Nord 2.

We have successfully gained root shell access on the latest public Indian and the European OxygenOS firmware for the device, which means every single OnePlus Nord 2 unit out there is vulnerable at the time of writing this article!

While all of this seems scary, keep in mind that an attacker will still need to physically access the phone in order to gain root shell access

Until OnePlus rolls out an update that patches the vulnerability, try to keep your OnePlus Nord 2 away from strangers

XDA » News In-Depth » OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe