Oneplus phone update introduces hardware anti-rollback

Posted by validatori 1/25/2026

Oneplus phone update introduces hardware anti-rollback(consumerrights.wiki)

465 points | 278 commentspage 4

mycall 1/25/2026|

How hard is it to fix a fuse with a microscope and a steady hand?

QuiEgo 1/26/2026||

Very hard. FIB is the only known way to do this but even then, that's the type of thing where you start with a pile of SoCs and expect to maybe get lucky with one in a hundred. A FIB machine is also millions of dollars.

userbinator 1/26/2026||

You'll need at least an electron microscope... but defeating MCU readout protection using a FIB is actually a thing:

https://www.eag.com/services/engineering/fib-circuit-edit-de...

Costs are what you'd expect for something of this nature.

direwolf20 1/26/2026||

I thought they were the one okay manufacturer. Guess not.

cmxch 1/26/2026||

So OnePlus is no better than the rest of the pack.

neals 1/26/2026||

How does an eFuse even work?

mystraline 1/25/2026||

Its high time we start challenging these sorts of actions as the "vandalization and sabotage at scale" that these attacks really are. I dont see how these aren't a direct violation of the CFAA, over millions of customer-owned hardware.

They are no different than some shit ransomware, except there is no demand for money. However, there is a demonstrable proof of degradation and destruction of property in all these choices.

Frankly, criminal AND civil penalties should be levied. Criminally, the C levels and boars of directors should all be in scope as to encouraging/allowing/requiring this behavior. RICO act as well, since this smells like a criminal conspiracy. Let them spend time in prison for mass destruction of property.

Civally, start dissolving assets until the people are made whole with unbroken (and un-destroyed) hardware.

The next shitty silly-con valley company thinks about running this scam of 'customer-bought but forever company owned', will think long and hard about the choices of their network and cloud.

skeledrew 1/25/2026|

> no demand for money

There is when the device becomes hard bricked and triggers an unnecessary need for a new one.

jijji 1/25/2026||

im sure that is not going to improve their sales numbers

hypeatei 1/25/2026||

It's my first time hearing about this "eFuse" functionality in Qualcomm CPUs. Are there non-dystopian uses for this as a manufacturer?

hexagonwin 1/25/2026||

Samsung uses this for their Knox security feature. The fuse gets broken in initial bootloader unlock, and all features related to Knox (Samsung Pay, Secure Folder, etc) gets disabled permanently even after reverting to stock firmware.

QuiEgo 1/26/2026|||

Almost every modern SoC has efuse memory. For example, this is used for yield management - the SoC will have extra blocks of RAM and expect some % to be dead. At manufacturing time they will blow fuses to say which RAM cells tested bad.

Retr0id 1/25/2026|||

eFuses are in most CPUs, often used for things like disabling hardware debug interfaces in production devices - and rollback prevention.

thesh4d0w 1/25/2026|||

I use them in an esp32 to write a random password to each of my products, so when I sell them they can each have their own secure default wifi password while all using the same firmware.

josephcsible 1/25/2026||

What advantage do you see from using eFuses and not some other way to store the password?

thesh4d0w 1/25/2026||

This is the only way I could come up with that would allow an end user to do a full factory reset, and end up back in a known good secure state afterwards.

Storing it in the firmware would mean every user has the same key. Storing it in eeprom means a factory reset will clear it. This allows me to ship hardware with the default key on a sticker on the side, and let's a non technical user reset it back to that if they need to.

It gives you a 256bit block to work with - https://docs.espressif.com/projects/esp-idf/en/stable/esp32/...

josephcsible 1/26/2026||

But couldn't you also just set aside a bit of the EEPROM your factory reset skips, and accomplish the same thing?

josephcsible 1/25/2026||

There are not. The entire premise of eFuses are that after you buy something, the manufacturer can still make changes that you can't ever undo.

Oxodao 1/26/2026||

Oneplus went shit since the 6. Pretty sad, they used to be a great brand...

skeledrew 1/25/2026|

This is absolutely cracked. I've been with OnePlus since the One, also getting the 2, 6 and now I have the 12. Stuck with them all these years because I really respected their - original - take on device freedom. I really should've seen the writing on the wall given how much pain it is to update it in the first place, as I have the NA version which only officially allows carrier updates, and I don't live in NA (and even if I did I'd still not be tied to a carrier).

Now I have to consider my device dead re updates, because if I haven't already gotten the killing update I'd rather avoid it. First thing I did was unlock the bootloader, and I intend to root/flash it at some point. Will be finding another brand whenever I'm ready to upgrade again.

dataflow 1/25/2026|

This wasn't their only pain point. [1] Just get off OnePlus, you'll be happier.

[1] https://dontkillmyapp.com/oneplus

literallywho 1/26/2026|||

Fascinating. I've had a OnePlus 6 from 2018 until 2023 (all on stock software) and I've not had or noticed any issues like that.

dataflow 1/26/2026||

You probably haven't had any apps that need to stay open a long time, or perhaps they have a way to relaunch themselves as a workaround. I've definitely seen this and it's incredibly frustrating to see processes killed when they need to stay running and are not doing anything wrong.

BeetleB 1/25/2026|||

What are good alternatives that aren't Pixel?

palata 1/25/2026||

For now, Pixels. I'm waiting to see what non-Pixel phone will be supported by GrapheneOS next, but this may take a while.

wolvoleo 1/25/2026||

Yeah I'm surprised that they announced it but not the vendor name. I'm sure Google with their infinite resources already know which vendor it is. So who are they hiding it from?