Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

      July 16, 2026

      Washington’s Intel Gamble Begins Delivering Strategic Results

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026
      • AI

        Washington’s Intel Gamble Begins Delivering Strategic Results

        July 16, 2026

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Record Industry Pushes for AI Labels on Streaming Music

        July 15, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026
      • Security

        Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

        July 16, 2026

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026

        EU Lawmakers Advance Controversial Private Message Scanning Measure Despite Mounting Privacy Concerns

        July 12, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»OnePlus Faces SMS Exploit, Patch Promised for October
      Tech

      OnePlus Faces SMS Exploit, Patch Promised for October

      Updated:December 25, 20253 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      OnePlus Faces SMS Exploit, Patch Promised for October
      OnePlus Faces SMS Exploit, Patch Promised for October
      Share
      Facebook Twitter LinkedIn Pinterest Email

      OnePlus smartphones running OxygenOS 12 through 15 are vulnerable to a serious permission-bypass exploit (CVE-2025-10184), allowing any installed app to silently read SMS, MMS, and associated metadata without user consent or explicit permission; the flaw was publicly disclosed by security researchers at Rapid7 after repeated failed attempts to coordinate with OnePlus, and the company has since committed to rolling out a fix globally starting mid-October.

      Sources: 9t05 Google, Rapid7

      Key Takeaways

      – The vulnerability stems from OnePlus’s modifications to the Android Telephony content providers (e.g. PushMessageProvider, PushShopProvider, ServiceNumberProvider) which lacked write permissions and were vulnerable to blind SQL injection, enabling apps to bypass READ_SMS restrictions.

      – The flaw enables attackers to exfiltrate SMS content — including one-time codes used for SMS-based multi-factor authentication — thereby weakening a key security defense.

      – Until the patch arrives, users should minimize installed apps to only trusted sources, transition from SMS-based 2FA to authenticator apps, and avoid using SMS for high-sensitivity communication.

      In-Depth

      In a move that’s raising serious security alarms in the mobile world, researchers at Rapid7 have unveiled a permission-bypass vulnerability in OnePlus devices that could quietly expose your text messages to malicious apps. The flaw, labeled CVE-2025-10184, is believed to affect devices running OxygenOS versions 12 through 15, and was introduced when OnePlus altered core Android Telephony components. Under normal operations, Android enforces strict permissions around SMS and MMS access — apps must explicitly request READ_SMS or related permissions and users must grant consent. But OnePlus’s changes introduced new content providers (PushMessageProvider, PushShopProvider, ServiceNumberProvider) without proper write restrictions, leaving them open to abuse. By chaining blind SQL injection techniques, a malicious app can infer or outright exfiltrate SMS content without triggering any user prompts or alerts.

      Rapid7 says that SMS-based multi-factor authentication (MFA) protections are especially vulnerable here, since attackers could intercept OTPs or codes meant for account verification. The seriousness is underlined by the fact that attackers need no special permissions or user interaction for the exploit to succeed. In their disclosure, Rapid7 noted repeated failed attempts to engage with OnePlus before making the issue public. Only after the disclosure did OnePlus respond, promising a global patch rollout by mid-October.

      In practice, users of vulnerable OnePlus phones are left in limbo. There’s no way to confirm whether your data has been accessed in the interim, so caution is the only viable recourse. Security-minded users should immediately remove nonessential or untrusted apps, rely on app stores with stronger vetting, and — most importantly — switch from SMS-based 2FA to more secure methods like time-based one-time passwords (TOTP) or hardware keys. Also, sensitive communications should bypass SMS entirely, favoring end-to-end encrypted messaging platforms. As the patch approaches, OnePlus users should watch carefully for software updates and apply them quickly when they arrive.

      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleOneleet Secures $33M to Challenge “Compliance Theater” in Cybersecurity
      Next Article Ontra’s Sharp AI Move Tightens the Noose on Legal Backlog in Private Markets

      Related Posts

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Popular Topics
      Tesla spotlight Satya Nadella SpaceX Viral starlink Sundar Pichai Stocks Series B Taiwan Tech Space Satellite Startup Software Tim Cook Samsung Series A trending Tesla Cybertruck UAE Tech
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.