Blackphone "hacked", root access gained via debug

Blackphone was originally billed as the most secure Android phone you could get. That claim may have been upended, as a hacker going by the handle @TeamAndIRC has gained root access using the Android Debug Bridge (ADB). Blackphone is mildly disputing the security exploit, but also commends the team for bringing it to light.

This all came to light at DefCon, the hacker conference where you could also find a WiFi-hacking cat. Blackphone contends that using ADB is not technically an exploit, as it's part of the Android system. From their blog post:

"According to @TeamAndIRC there were three issues discovered. The first one is that he was able to get ADB turned on. Turning ADB on is not a vulnerability as this is part of the Android operating system. We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming. His second discovery is accurate and here is the point I want to stress to the community. We found this vulnerability on July 30, had the patch in QA on July 31, and the OTA update released on August 1. That is pretty fast, no?"

Blackphone also commended @TeamAndIRC for returning to Twitter after a conversation at DefCon to clarify the issue, but also chided him a bit for making a T-shirt saying he hacked Blackphone. Blackphone runs on Android, but uses a proprietary operating system, called PrivatOS, to handle much of the security.

The root access was gained without access to the bootloader, too. Those who doubt that an OS layer adds security to Android will have a field day with this, but Blackphone may nonetheless still be the most secure open-source smartphone around.

Via: Medium 1, Medium 2