Any modern device is made up of multiple hardware and software components, any one of which could represent a potential risk. That’s a reality that secure mobile phone vendor Silent Circle has learned with its Blackphone, thanks to the responsible security disclosure from Tim Strazzere, director of mobile research at SentinelOne.
Strazzere found that there was a misconfigured driver for an Nvidia Icera modem that could have potentially enabled an attacker to exploit the Blackphone and its users. Silent Circle has already patched the issue, and there are no reports of any user being exploited by the vulnerability. The issue also only impacted the first generation of the Blackphone, which has been superseded by the Blackphone 2, which does not use the same modem.
The discovery of the Blackphone vulnerability happened somewhat by accident. Strazzere explained that he is part of a group of security professionals known as Red Naga that provides training sessions at the DefCon security conference.
“We wanted to do a training session on reverse engineering an Android device,” Strazzere told eWEEK. “In the step of figuring out how to find vulnerabilities, we found a bunch in many devices. One of the devices before we taught the class was the Blackphone.”
“It’s a local Unix socket that would enable a local application to talk to it,” Strazzere said. “Sockets are how different programs on a device can communicate with other.”
As such, the flaw that Strazzere found on the Blackphone could not be directly remotely exploitable by an attacker on its own. That said, there are several potentially viable attack vectors where the flaw could have been exploited. One attack vector would be to embed the exploit into a malicious application. The application wouldn’t ask for any extraordinary privileges, though it would enable an attacker to send and read SMS messages and to potentially control the phone.
From a root cause perspective, Strazzere explained that the vulnerability is due to a misconfiguration in the Nvidia Icera modem driver that is used on the Blackphone.
“No one should be able to directly talk to the driver, but the ability to do so was likely left in there by accident,” Strazzere said. “It was probably in there for debugging purposes, but no one caught it before it went into a production device.”
Strazzere first reported the issue to Silent Circle at the end of August. Silent Circle uses the Bugcrowd bug reporting platform, which is where Strazzere was able to keep track of the bug and patching process. Bugcrowd provides a managed platform that runs bug bounty programs for companies. For his efforts finding the Blackphone flaw, Strazzere was awarded a $500 bug bounty.
“I had never used Bugcrowd before,” Strazzere said. “It can sometimes be really hard to track a bug and see if a company is fixing a bug, but this was a really painless process and I wish more companies worked through Bugcrowd.”
Can you look after your personal data online? Take our quiz!
Originally published on eWeek.
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…