08-11-2014 05:24 AM
So the Blackphone we have talked about here before (Über-secure Blackphone crypto-mobe spills its silicon guts) did not last long before it was hacked but the extent of the hack appears to be in question at this time.
By Richard Chirgwin, 11 Aug 2014
"A security researcher at BlackHat has sparked a “did-he-didn't-he” Tweet-storm over the extent of an alleged “hack” of the “secure by design” Blackphone.
The Twitter argument continues, with @TeamAndIRC first announcing that it only took five minutes to root the Blackphone; then backtracking on one claim because it happened on an unpatched version of Android, and noting that the second attack required user interaction.
The three items the account identifies are described as follows: (a) “USB debugging/dev menu removed, open via targeted intent”; (b) “remotewipe app runs as system, and is debuggable, attach debugger get free system shell”, and (c) “system user to root, many available”."
08-12-2014 05:33 AM
So one of the vulnerabilies had already been patched and it was old firmware on the phone which he tested, it looks like the truth is finally coming out, but it may have dented the users trust slightly.
by Pierluigi Paganini on August 12th, 2014
"Security expert Jon Sawyer (@TeamAndIRC), CTO of Applied Cybersecurity, at the recent DEF CON hacker conference demonstrated that Blackphone is vulnerable, they have rooted the super smartphone in just 5 minutes. The security researcher took 5 minutes to root the device without unlocking the device’ bootloader.
The principal problem is that the researcher didn’t know to have tested a phone with old firmware and that the designers of Blackphone had already patched one of the vulnerabilities and pushed out the update."
09-01-2014 03:33 PM
The bare reality is everything is hacker-able given the right circumstances and time to bypass the security features of any app
exactly, with enough time and money any security measure can be countered.