While OnePlus is a company known for manufacturing smartphones that pack in great hardware coupled with near-stock Android experience, the brand has always been in the clasp of controversies.
This time OnePlus Online Payment Platform Allegedly Hacked, Many User’s Credit Card Data has been Stolen.
The company previously found itself surrounded by the EngineerMode controversy, and later on was allegedly blamed for the preinstalled backdoor that Allows root access. Now, the team has found themselves trapped in another controversy, this time, due to alleged vulnerable online payments.
In a recent blog post on the OnePlus forums, a user reported that he had previously used his credit cards on the website’s shopping platform to purchase OnePlus devices. He was recently informed that there were several transactions requested on his credit cards that he did not make. As a result, many other users joined in and reported that they too had experienced the same issue. At this time it was not clear whether this issue was indeed serious.
So the team at information security firm Fidus stepped in to investigate it. The use of the Magento eCommerce platform was pinpointed as a possible vector of attack. This has been known to take place if adequate security measures are not in place. Unfortunately, it looks that way for OnePlus.
As Fidus mentions, there’s usually an iFrame involved during the payment process which is handled by a third-party payment processor. Instead, the payment page which requests the customer’s card details is hosted on-site.
Because the data flows directly through the OnePlus site, one could, in theory, intercept it to misuse details. Although payment details are sent to a third-party provider upon form submission, the small window in between OnePlus and the provider could be attacked to siphon credit card details before the data is encrypted on the provider side.
For now, as a user, we urge you to opt for fraud protection on your credit cards to protect you from any data theft or any unauthorized transactions. Furthermore, Fidus advised shopping on websites that make use of an off-site payment processor. There are also third-party payment providers that have created PCI compliant sandboxes for secure online transactions, which you can use, the security team reported.
Learn How to secure your Android Device’s, Join Android Reloaded Course Now.