BlackPhone vulnerability left users open to attack

Brittany A. Roston - Jan 29, 2015, 6:50 am CST
BlackPhone vulnerability left users open to attack

BlackPhone, that ultra secure phone for the spies and paranoid among us, promises a lot of things, all of them revolving around data security. As with most things, however, reality turned out to be a bit different than perfect-world promises and a bug was discovered — one that left BlackPhone users and their data open to attackers. The issue was discovered by Azimuth Security’s Mark Dowd who spotted the issue on his own BlackPhone, later detailing his findings on Azimuth’s website.

According to Dowd, BlackPhone’s messaging app contained a “serious memory corruption vulnerability” that left the device open to attack. If an attacker had the target’s phone number or SilentCircle ID, he or she could proceed to decrypt messages, get geo-data, view contacts, write to the phone’s external storage card, and even run code to wreck further havoc on the user.

Fault was with the SilentText app that comes bundled with the handset, and users needn’t worry about the issue, as Dowd says that it has been patched. The realization of that vulnerability existing on a device promising to be ultra-secure still remains, however.

Privacy concerns have grown over the past couple years as revelations about government spying and lack of privacy have surfaced. The use of encryption has grown as a result, and products that simplify that for the every-day user are cropping up in increasing numbers.

Be sure to check out our BlackPhone hands-on.

VIA: Ars Technica

Must Read Bits & Bytes