OpenSSL flaws delay OnePlus One CyanogenMod phone

Shipments of the first smartphone based on the popular CyanogenMod custom Google Android firmware will be delayed after news that the open source cryptographic OpenSSL library contains several new serious security holes that have yet to be patched.

OnePlus One handset. Source: vendor.

Cyanogen moderator Abhisek Devkota acknowledged the delay on Reddit's /r/Android forum.

"As you may be aware, a handful of new issues with OpenSSL were made public on June 5th. We decided to include the correction for those vulnerabilities in the factory release of the One," he said.

"A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay."

Prospective customers have been notified of the delay via email. The company said it was "working on perfecting some final issues" and therefore could not provide the exact shipment date for the phone.

The company has billed the OnePlus One as the "2014 flagship killer", with users having to apply for an invitation to purchase the device.

Costing US$299 for a 16GB storage version and US$349 for a 64GB variant, the OnePlus One is LTE ready (compatible with Australian 4G networks) and boasts high-end specifications.

It features a 401 pixels per inch density 5.5-inch screen with 1920 x 1080 resolution, a 2.5GHz Qualcomm Snapdragon 801 quad-core processor and a 13 megapixel camera with a Sony Exmore sensor that can shoot 4k video.

The phone is currently being marketed in North America, Europe as well as Hong Kong and Taiwan. It will not be available in Australi at launch, but the company has flagged expanding availability to a number of other unnamed countries at a later date.