With major updates for the OnePlus 3 on the horizon there’s no doubt many users are constantly checking for that update to hit their devices. While that’s usually completely fine, a flaw in OnePlus’ system could turn this average task into something a bit more dangerous.
According to users on OnePlus forums as well as Reddit, OnePlus is currently using HTTP to transfer data between the phone and their own servers rather than the more secure HTTPS. This means that users who check for updates on public WiFi networks could put the IMEI number for their device at risk.
When that IMEI is transmitted between the device and OnePlus it’s clearly labeled as that and anyone with a bit of skill could easily grab that number. What could they do with it? The most likely scenario is that they would attempt to blacklist the IMEI which would make it appear as lost or stolen to OnePlus and most carriers and would leave the owner unable to activate the device on most networks.
For this to happen a OnePlus 3 owner would need to check for an update on a specific network along with someone trying to steal that IMEI at the same time. Obviously the odds of that are not great, but this is still an issue which could cause headaches for OnePlus 3 owners if it were to happen and it’s something OnePlus should definitely fix. We’ll update this post once OnePlus has issued a fix.
FTC: We use income earning auto affiliate links. More.