That annoying OnePlus reservation system, which allows users to purchase the latest OnePlus 2 smartphone, has been hacked by a user displeased with the queuing mechanism.
OnePlus, the Chinese phone manufacturer that sells high-end smartphones that can easily pass as phablets, has a dubious method of selling its products, one that seems stuck in the late '90s.
The company uses a Web-based invitation system that organizes users into a queue, where they can climb the ranks by inviting more people.
Jake Cooper, a software engineer who didn't take kindly to this system demoting him from his initial position of ~9,000 to ~70,000, created an automated system that allowed him to climb back to the top of the ranks using disposable email addresses.
Using Python and the Mailinator API, Mr. Cooper created a system that would send out invites to random Mailinator disposable email addresses, extract the verification code he received from OnePlus, verify it, and get a new referral.
Using this simple technique, he managed to climb up the ranks and even reach position 1694 in the queue, while also discovering a method of DOSing the entire OnePlus invitation system.
"Adding a sleep timer of 1 resolves the problem, but I ended up DOSing the OnePlus invite queue (I [expletive] you not) and ramped it down to 1 req/5s."
The OnePlus team was informed of this issue but did not respond, and Mr. Cooper proved his point that OnePlus needs to upgrade to a more standard and "fair" product distribution system.
@oneplus Found a vulnerability with your referral system. If you're interested DM me and I'll show you how it works.
— Jake Cooper (@RealJakeCooper) August 3, 2015
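From the defender's side, the pattern described above (verified referrals arriving from disposable-mail domains at a steady machine pace) is detectable in the referral log. The following is an added example, not code from the article or from Mr. Cooper; the event layout, thresholds and blocklist contents are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumption: local blocklist; mailinator.com is the service named in the article.
DISPOSABLE_DOMAINS = {"mailinator.com"}

# Constructed sample: (unix_time, referrer_id, verified_invitee_email)
SAMPLE_EVENTS = (
    [(1000 + 5 * i, "u_bot", f"x{i}@mailinator.com") for i in range(6)]
    + [(86400 * i, "u_friend", f"pal{i}@example.org") for i in range(5)]
    + [(2000, "u_small", "a@mailinator.com"), (2600, "u_small", "b@example.org")]
)

def flag_referrers(events, min_referrals=5, max_disposable_ratio=0.5, max_per_minute=6.0):
    """Return {referrer_id: [reasons]} for referral histories that look automated."""
    by_referrer = defaultdict(list)
    for ts, referrer, email in events:
        domain = email.rsplit("@", 1)[-1].strip().lower()
        by_referrer[referrer].append((ts, domain))

    flagged = {}
    for referrer, rows in by_referrer.items():
        if len(rows) < min_referrals:
            continue  # too little history to judge
        rows.sort()
        disposable = sum(1 for _, d in rows if d in DISPOSABLE_DOMAINS)
        span = rows[-1][0] - rows[0][0]
        # Average verified referrals per minute across the referrer's history.
        per_minute = (len(rows) - 1) * 60 / span if span > 0 else float("inf")
        reasons = []
        if disposable / len(rows) > max_disposable_ratio:
            reasons.append("disposable_domains")
        if per_minute > max_per_minute:
            reasons.append("machine_rate")
        if reasons:
            flagged[referrer] = reasons
    return flagged

if __name__ == "__main__":
    for referrer, reasons in flag_referrers(SAMPLE_EVENTS).items():
        print(referrer, ",".join(reasons))
```

The rate check alone would miss a slowed-down script, which is why the disposable-domain ratio is scored independently of it.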