Subj : OnePlus phone flaw could let devices send out unwanted text messa
To   : All
From : TechnologyDaily
Date : Thu Sep 25 2025 19:30:09

OnePlus phone flaw could let devices send out unwanted text messages - so take care who you ping

Date: Thu, 25 Sep 2025 18:29:00 +0000

Description: Flaw could also expose SMS 2FA codes, so you might want to move to a software-based authenticator.

FULL STORY
======================================================================

- CVE-2025-10184 lets attackers read and send SMS, including 2FA codes
- Vulnerability affects OxygenOS versions 12 to 15, used across many OnePlus devices
- Rapid7 disclosed flaw after failed contact; OnePlus has not yet released a fix

A vulnerability in the software used in OnePlus smartphones could allow threat actors to send SMS messages on behalf of the victim, experts have warned.

Even worse, it allows them to read SMS contents, including multi-factor authentication codes in cases where SMS is set up as the second 2FA factor, security researchers from Rapid7 revealed.

The team recently discovered a vulnerability in multiple versions of OxygenOS, the operating system built for OnePlus phones and based on Google's Android. The flaw affects the Telephony content provider in OxygenOS versions 12 through 15, meaning the problem may have been plaguing devices for at least four years.

Late response

The researchers confirmed the flaw working on a OnePlus 8T device running OxygenOS 12, as well as on multiple OnePlus 10 Pro 5G units running OxygenOS 14 and 15. However, given how OnePlus builds and ships its phones, the researchers stressed that the list of vulnerable devices is a lot, lot longer.

Rapid7 said that since detecting the issue in May 2025, it tried reaching out to OnePlus, but allegedly to no avail.
After a few failed attempts, the researchers published their findings together with a Proof-of-Concept (PoC) in September, after which OnePlus publicly acknowledged the bug and reportedly started investigating. However, by the time this article was published, OnePlus had still not released a fix, which means the bug is still exploitable on many of its devices.

To stay safe, users should keep the number of installed apps to a minimum, install only those from reputable publishers, and switch away from SMS-based two-factor authentication. Furthermore, communication should be moved away from SMS messages into other apps, such as WhatsApp, Telegram, or similar.

The vulnerability is now tracked as CVE-2025-10184, with a severity score of 8.2/10 (high).

OnePlus is a subsidiary of Chinese smartphone manufacturer Oppo, and is known for building premium smartphones at a competitive price.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/oneplus-phone-flaw-could-let-devices-send-out-unwanted-text-messages-so-take-care-who-you-ping

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)