Last Updated:
OnePlus phones with OxygenOS are at a big security risk because a flaw that could make your SMS messages easily readable.
OnePlus phones running on OxygenOS have got a major security issue
OnePlus users have got an alarming update this week which affects them in a dangerous way. Security analysts have discovered a security flaw which allows apps to directly access the SMS messages on a phone that is running on the OxygenOS version. The bigger worry is that the security issues are yet to be fixed, which OnePlus should hopefully do in the next few weeks.
The experts have found issues with the older as well as the recent versions of OxygenOS running on OnePlus phones in countries like India and even the US.
OnePlus SMS Security Flaw: What You Should Know
The security findings by Rapid7 suggest the OxygenOS flaw allows any app to easily read through the content of SMS stored on your OnePlus phone. And as we all know, SMS is used for OTPs to make payments, or buy groceries through apps and other confidential tasks.
So, if any app is able to write the contents of an SMS without the user’s permission on the device, the level of destruction it can cause is unimaginable. You can easily lose access to your accounts, or even the money in the bank if the bad actors tap into the right nerve points. And because the flaw operates covertly, the user won’t even come to know if any app has accessed the SMS content, including any or all two-factor authentication codes needed for digital account logins.
The cybersecurity firm claims all OnePlus phones running OxygenOS 12 or later versions, including 15 based on Android 15 are susceptible to these covert attacks. The OnePlus phones mentioned by the agency are:
- OnePlus 8T
- OnePlus 10 Pro 5G with Android 14
- OnePlus 10 Pro 5G with Android 15
But the list of devices could be much longer considering even the OxygenOS 15 version is part of the casualty list. This means devices like the OnePlus 12, OnePlus 13 and even the OnePlus Open foldable could be at a high risk.
OnePlus SMS Security Danger: What The Company Has Said
Rapid7 had reached out to OnePlus about the issues and disclosed all the details to the brand. And after a slight delay, OnePlus has acknowledged the security flaw and promises a global update to fix it.
“We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements,” a OnePlus spokesperson was quoted saying by PCMag in its report.
Until the security issues with OxygenOS aren’t fixed, OnePlus users are being asked not to install apps, or entertain emails from unknown contacts and switch to multi-authentication apps (instead of SMS) for logins.
S Aadeetya, Special Correspondent at News18 Tech, accidentally got into journalism 10 years ago, and since then, has been part of established media houses covering the latest trends in technology and helping fr…Read More
S Aadeetya, Special Correspondent at News18 Tech, accidentally got into journalism 10 years ago, and since then, has been part of established media houses covering the latest trends in technology and helping fr… Read More
Delhi, India, India
September 26, 2025, 14:20 IST
Read More
