No device can be totally secure, says a researcher after exposing a security vulnerability in Blackphone
Super secure Blackphone security stands exposed! A researcher has found a vulnerability in the Blackphone security suite which allows a potential attacker to access and decrypt messages, steal contacts and control the mobile device remotely.
Blackphone, which is touted as the world’s most secure smartphone and was developed in light of post-Snowden privacy concerns, has found success among users. The device runs a custom Android operating system called PrivatOS, and features remote wiping tools and an app suite which uses encryption technology for making calls, sending texts and sharing files.
Mark Dowd of Australia-based Azimuth Security has written a lengthy blog post on how cyberattackers were able to use a Silent Circle ID or phone number to remotely exploit a security bug.
Dowd wrote that “successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access.”
The security flaw was present in Blackphone’s secure text messaging application, Silent Text, which is bundled with the phone and is also available for free on Google Play.
The app (Silent Text messaging) allows a user to send text messages and share files over an encrypted channel. It is managed by Silent Circle’s Instant Message Protocol (SCIMP), and the channel is tunneled over Silent Circle’s XMPP servers. SCIMP provides end-to-end encryption, but due to a type confusion vulnerability contained within the SCIMP implementation, data types were mistaken for each other.
This confusion was caused by a component dubbed libscimp. The component’s flaw allowed pointers to be corrupted in order to gain arbitrary code execution. As a result, an attacker can take advantage of this confusion and overwrite a pointer in memory, which, if successful, could result in the gadget being hijacked or in the loss of personal data.
It is important to note that the implementation flaw does not imply any inherent weakness in the design of the SCIMP protocol or in the encryption mechanisms used by Blackphone.
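The class of bug described above, data of one type being treated as another so that attacker-supplied bytes end up used as a pointer, is prevented by checking a type tag before every reinterpretation. The following C sketch is an added example, not code from libscimp or from Dowd's write-up; the frame layout and the names `msg_parse` and `msg_text` are hypothetical and chosen only to show the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame: [1-byte tag][payload]. Constructed for illustration,
   not the SCIMP wire format. */
enum msg_type { MSG_COUNTER = 1, MSG_TEXT = 2 };

struct msg {
    enum msg_type type;                 /* tag derived from untrusted input */
    union {
        uint64_t counter;               /* valid only for MSG_COUNTER */
        struct { const char *ptr; size_t len; } text; /* only for MSG_TEXT */
    } u;
};

/* Parse one frame. Returns 0 on success, -1 on malformed or unknown input. */
int msg_parse(const uint8_t *buf, size_t n, struct msg *out)
{
    if (buf == NULL || out == NULL || n < 1) return -1;
    memset(out, 0, sizeof *out);
    switch (buf[0]) {
    case MSG_COUNTER:
        if (n != 1 + sizeof(uint64_t)) return -1;   /* exact length only */
        memcpy(&out->u.counter, buf + 1, sizeof(uint64_t));
        out->type = MSG_COUNTER;
        return 0;
    case MSG_TEXT:
        out->u.text.ptr = (const char *)buf + 1;    /* borrowed, not copied */
        out->u.text.len = n - 1;
        out->type = MSG_TEXT;
        return 0;
    default:
        return -1;                                  /* reject unknown tags */
    }
}

/* Checked accessor. A type-confused implementation would read u.text.ptr
   without looking at the tag, so a sender-chosen 64-bit counter would be
   dereferenced as if it were a pointer. */
int msg_text(const struct msg *m, const char **p, size_t *len)
{
    if (m == NULL || m->type != MSG_TEXT) return -1;
    *p = m->u.text.ptr;
    *len = m->u.text.len;
    return 0;
}
```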
The device and its Silent Text app were the brainchild of encryption gurus Phil Zimmermann, Jon Callas and Mike Janke, who created the device in the wake of, and in opposition to, the global spying revelations made by NSA whistleblower Edward Snowden.
However, Dowd reported the security vulnerability to Silent Circle, and the issue has been resolved. It is worth mentioning that Blackphone got hacked in 5 minutes flat at Defcon 2014.