THE BLACKPHONE, which Silent Circle claims to be the world's most secure phone, has reportedly been hacked at the Def Con hacker conference in Las Vegas.
Hacker Justin Case, who is known as @TeamAndIRC, claimed to have found three vulnerabilities and to have hacked the phone on three separate occasions to gain root access, announcing his findings on Twitter.
However, the tweets caused a bit of a stir among security experts, as the first hack was supposedly carried out on an unpatched version of Android.
"Black phone hack #1, USB debugging/dev menu removed, open via targeted intent" — Justin Case (@TeamAndIRC), August 10, 2014
Blackphone's CSO Dan Ford responded to @TeamAndIRC in a blog post, saying that he didn't consider the debugging attack to be a vulnerability because the Android Debug Bridge (ADB) is part of Android.
"In the final days before manufacture, a bug was found with ADB on the Blackphones which could throw the phone into a boot loop when full device encryption was turned on," Ford explained.
"Rather than miss the manufacturing window or cause user grief, the developer menu was turned off. Disabling ADB is not a security measure, and was never meant to be - it will be returning in an OTA to Blackphone in the future once the boot bug is resolved; the realities of getting a product manufactured and shipped within the available manufacturing window meant a quick fix was needed."
Ford added that no root or other privilege escalation was required in order to perform this.
But @TeamAndIRC went ahead and did it again via what he claimed was a "remotewipe app" running as system, which he said "is debuggable, attach debugger get free system shell".
"A simple run of CTS or a proper audit would have prevented the black phone hack" — Justin Case (@TeamAndIRC), August 10, 2014
However, Blackphone insisted that the hacks @TeamAndIRC found require user consent: the vulnerabilities cannot be exploited via a drive-by download or other remote activity, and they require intentional user interaction.
"We are under the impression that this vulnerability affects many OEMs and not just Blackphone. When the vulnerability becomes public, we will implement the fix faster than any other OEM," Ford responded.
"This would mean the user lost physical control of their Blackphone or they wanted to walk around with an exploitable smartphone. Nonetheless, we have a vulnerability and it is important to Blackphone to resolve this vulnerability fast."
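The second finding, a debuggable app running as system, is the kind of setting a pre-release audit of the device image can flag. The following is an added example, not code from the article, Silent Circle or @TeamAndIRC: it assumes each app's AndroidManifest.xml has been decoded to text XML (for example with apktool) and that a system-privileged app is identified by android:sharedUserId="android.uid.system"; the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SYSTEM_UID = "android.uid.system"  # assumption: how a system-UID app is identified

def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def audit_manifest(xml_text):
    """Return (package, findings) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    debuggable = app is not None and _attr(app, "debuggable") == "true"
    runs_as_system = _attr(root, "sharedUserId") == SYSTEM_UID
    findings = []
    if debuggable and runs_as_system:
        findings.append("CRITICAL: debuggable app shares the system UID")
    elif debuggable:
        findings.append("HIGH: debuggable flag set in a release image")
    return root.get("package"), findings

def audit_image(manifests):
    """Audit every manifest in a build; return only packages with findings."""
    report = {}
    for xml_text in manifests:
        package, findings = audit_manifest(xml_text)
        if findings:
            report[package] = findings
    return report

def _sample(package, shared_uid, debuggable):
    """Build a constructed manifest for the demonstration below."""
    uid = f' android:sharedUserId="{shared_uid}"' if shared_uid else ""
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}"{uid}>'
            f'<application android:debuggable="{debuggable}"/></manifest>')

# Constructed sample image: package names are hypothetical.
SAMPLES = [
    _sample("com.example.remotewipe", SYSTEM_UID, "true"),
    _sample("com.example.notes", None, "true"),
    _sample("com.example.settings", SYSTEM_UID, "false"),
]

if __name__ == "__main__":
    for package, findings in audit_image(SAMPLES).items():
        print(package, findings)
```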
@TeamAndIRC was not willing to discuss the third and final vulnerability he found, but described it as "system user to root, many available".
"I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update," Ford added.
The Blackphone is a collaboration between security firm Silent Circle and Geeksphone to make a smartphone running the firm's custom PrivatOS, which it touted as "the phone no-one has dared to make yet".
The Blackphone is centered around privacy, and the company is keen to point out that while Google's Android mobile operating system is at its core, it's much more secure than the present influx of smartphones running Android. This is fortunate, based on the latest Android security statistics, which reveal that Android is the target of 98 percent of all mobile malware.