Experts Warn: These Popular Android Phones Are Under Attack


OnePlus smartphones are among the best Android devices, offering high-end hardware at a lower price than many rivals. But like other devices, they are not immune to security threats and attacks. That is the case today, as security researchers have discovered a critical bug in OxygenOS that puts users at risk of spying and data theft, potentially affecting millions of OnePlus devices.
The bug is tracked as CVE-2025-10184. It has affected other Android vendors, but the report highlights that it remains unpatched in OnePlus devices and can still be exploited by attackers, according to Rapid7, which credits the discovery to Calum Hutton.
Attackers Can Access SMS Data Without Your Permission
The vulnerability lies in the messaging app, allowing bad actors and fraudsters to bypass Android's core permissions for telephony and messaging. This gives them access to SMS and MMS messages, including sensitive data, without the user's permission or any alert.
According to the researchers, this type of vulnerability can be used by attackers and even state-sponsored groups to spy on high-profile individuals such as politicians, activists, lawyers, and political dissidents. It could also be used to extract information for other forms of attack.
Beyond that, anyone with an affected device could become a victim of attackers stealing information that may be used to siphon bank accounts, especially with financial services that rely on SMS-based two-factor authentication.
Millions of OnePlus Phones Could Be at Risk
As for affected models, the group stated that this is a software flaw in OxygenOS rather than a hardware issue. The bug was introduced with OxygenOS 12, while OxygenOS 11 was tested and found unaffected. The impacted versions include OxygenOS 15, 14, and 12, with testing carried out on the OnePlus 8T and OnePlus 10 Pro 5G. This puts millions of devices globally at potential risk.

The researchers have reached out to OnePlus, and so far, the company has acknowledged the presence of the security flaw. It has said it will investigate the issue, though no exact date for a fix has been provided.
What OnePlus Users Can Do to Stay Safe
If you own a OnePlus phone running one of these versions, it is advisable to enable RCS (Rich Communication Services), which offers encryption for messages. You should also switch to app-based authentication instead of SMS-based two-factor authentication.
Another safeguard is to avoid installing apps from unknown or third-party sources outside the Play Store. This reduces the risk of sophisticated attacks and spying. Checking and removing permissions for unused apps is also recommended. Furthermore, it is advised to update your device and apps to the latest software.
For those in vulnerable positions who are more likely to be targeted, Android phones offer Advanced Protection. When enabled, it provides extra guardrails, including blocking malicious apps and websites, and disabling less secure 2G networks.