Blackphone rooted at BlackHat

  • 11 August 2014
  • 5 replies
  • 1184 views

Userlevel 7
Badge +54
So the Blackphone we have talked about here before (Über-secure Blackphone crypto-mobe spills its silicon guts)  did not last long before it was hacked but the extent of the hack appears to be in question at this time.
 

Details awaited on privilege escalation bug

By Richard Chirgwin, 11 Aug 2014
 
"A security researcher at BlackHat has sparked a “did-he-didn't-he” Tweet-storm over the extent of an alleged “hack” of the “secure by design” Blackphone.
The Twitter argument continues, with@TeamAndIRC first announcing that it only took five minutes to root the Blackphone; then backtracking on one claim because it happened on an unpatched version of Android, and noting that the second attack required user interaction.
 The three items the account identifies are described as follows: (a) “USB debugging/dev menu removed, open via targeted intent”; (b) “remotewipe app runs as system, and is debuggable, attach debugger get free system shell”, and (c) “system user to root, many available”."
 
Full Article
 
 

5 replies

Userlevel 7
Badge +56
That's disappointing - if you lose your phone then they can get into it quite easily.
Userlevel 5
not exactly surprising, typically with physical access to a device it's only a matter of time before any security in place is compromised.
Userlevel 7
Badge +54
So one of the vulnerabilies had already been patched and it was old firmware on the phone which he tested, it looks like the truth is finally coming out, but it may have dented the users trust slightly.
 
by Pierluigi Paganini on August 12th, 2014
 
http://securityaffairs.co/wordpress/wp-content/uploads/2014/08/Blackphone-2.jpg
 
"Security expert Jon Sawyer (@TeamAndIRC), CTO of Applied Cybersecurity, at the recent DEF CON hacker conference demonstrated that Blackphone is vulnerable, they have rooted the super smartphone in just 5 minutes.  The security researcher took 5 minutes to root the device without unlocking the device’ bootloader.
The principal problem is that the researcher didn’t know to have tested a phone with old firmware and that the designers of Blackphone had already patched one of the vulnerabilities and pushed out the update."
 
Full Article
Userlevel 7
The bare reality is everything is hacker-able given the right circumstances and time to bypass the security features of any app
Userlevel 5
@Antus67 wrote:
The bare reality is everything is hacker-able given the right circumstances and time to bypass the security features of any app
exactly, with enough time and money any security measure can be countered. 

Reply