OnePlus Two | Breaking Cybersecurity News | The Hacker News

There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing that OxygenOS built-in analytics is regularly sending users' telemetry data to OnePlus' servers. Collecting basic telemetry device data is a usual practice that every software maker and device manufacturers do to identify, analyse and fix software issues and help improve the quality of their products, but OnePlus found collecting user identification information as well. Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included: User' phone number MAC addresse

There is a bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). Damn, I am feeling bad, I myself use OnePlus. One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device's operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. What's even worse? The other two vulnerabilities also allow an MitM attacker to replace any version of OxygenOS with HydrogenOS (or vice versa), as well as to replace the operating system with a completely different malicious ROM loaded with spying apps. The vulnerabilities have been discovered by Roee Hay of Aleph Research, HCL

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo