You might want to think twice before sending that sensitive text message over your supposedly secure Blackphone. A security flaw discovered by an Australian communication security expert could have allowed attackers to decrypt a Blackphone user’s messages, gather location information, and run additional code of the attacker’s choosing.
Blackphone’s manufacturers patched the flaw before it was made public and users can now update their firmware over the air. Still, the news is alarming considering that the Blackphone’s primary aim was to provide users with a secure form of communication. Blackphone has billed itself as the answer to threats from attackers as sophisticated as the NSA (National Security Agency) and its British counterpart, the GCHQ (Government Communications Headquarters).
They Only Need Your Phone Number
The flaw resided in the Silent Text app that comes bundled as part of the phone’s pre-installed security software. Mark Dowd, the founder of the Australian security company Azimuth, was the first to discover the flaw. The messaging app contains a memory corruption vulnerability. Hackers could have used that vulnerability to remotely trigger an attack on the phone, according to a post on Dowd's blog.
“If exploited successfully, this flaw could be used to gain remote arbitrary code execution on the target's handset,” Dowd wrote. “The code run by the attacker will have the privileges of the messaging application, which is a standard Android application with some additional privileges.” Attackers would have even been able to download a list of a user’s contacts by exploiting the flaw, or take complete control of the device, Dowd added.
What may be most disturbing, however, is the ease with which such an attack could have been carried out. Dowd said that all an attacker would have needed to exploit the vulnerability is the phone number or Silent Circle ID number that is associated with the phone. Although the problem has been fixed, the severity of the flaw raises questions about what other vulnerabilities may be lurking on the Blackphone.
Designed To Be Secure
The Blackphone made a splash in the security world when it shipped last summer, amid a wave of revelations of government spying and high-profile criminal hacks. The handset is built as part of a joint venture between Silent Circle, which makes the Silent Circle suite of apps, and the Spanish handset manufacturer Geeksphone. The joint venture is based in Switzerland, the better to assert its privacy bona fides.
The phone runs a customized version of Android KitKat designed to be more secure. Known as PrivatOS, the modified operating system and the $629 smartphone it runs on are supposed to put users' minds at rest when they're sending sensitive communications.
Blackphone allows users to make encrypted phone and video calls and send encrypted text messages via the Silent Circle, Silent Phone and Silent Text apps that come bundled with the handset. Its Wi-Fi manager also works to prevent hackers from attacking via the Wi-Fi connection.
But despite the focus on privacy and security, the Blackphone has turned out to be vulnerable to attackers as well.