OnePlus Phones Hit by SMS Security Flaw in OxygenOS

(The Verge) Security researchers at Rapid7 have uncovered a serious vulnerability in OnePlus phones running OxygenOS, tracked as CVE-2025-10184. The flaw, if exploited, could allow attackers to hijack user accounts through malicious SMS messages.

What’s the problem?

  • The bug lies in OxygenOS’s built-in SMS handling system.
  • Crafted SMS messages can trick the device into executing unintended actions.
  • Attackers could exploit the flaw to:
    • Bypass authentication.
    • Hijack user accounts tied to phone numbers.
    • Launch phishing or malware campaigns by leveraging the trusted device.

This makes it especially dangerous for users who rely on SMS for two-factor authentication (2FA).

Impact

  • The flaw affects multiple OnePlus models running the latest OxygenOS builds.
  • While no mass exploitation has been confirmed, researchers warn that proof-of-concept attacks are circulating.

Fix & Recommendations

  • OnePlus has acknowledged the issue and promised a security update.
  • Until then, users are advised to:
    • Avoid clicking links in suspicious SMS messages.
    • Prefer app-based 2FA over SMS codes.
    • Keep an eye on OxygenOS security patches.

Bottom line: This vulnerability highlights how core smartphone features like SMS can become an unexpected security risk. Users should patch quickly once OnePlus releases its fix.

Source: https://www.theverge.com/news/786341/oneplus-sms-security-flaw-oxygenos-rapid7-cve-2025-10184