Hacker Roots Silent Circle’s Blackphone At DefCon

A hacker has apparently defeated the security features of the Blackphone, a privacy-focused smartphone from Silent Circle.

An account belonging to ‘Justin Case’ tweeted from the DefCon security conference about discovering a set of vulnerabilities in five minutes, which helped him enable the Android Debug Bridge (ADB) and get root access to the device without unlocking the Android bootloader.

At first, Silent Circle contested the findings of the hacker, as it turned out that the version of Android on the device wasn’t completely patched and the exploit required physical access. Later it thanked ‘Justin’ for improving the security of the Blackphone and promised a fix as soon as more information becomes available.

Being responsible

Silent Circle was established in 2012 by a team of cryptography experts which included the author of PGP encryption Phil Zimmerman and the creator of Apple’s whole disk encryption Jon Callas.

The company gained a lot of attention after it announced the Blackphone, a handset that promised to provide unparalleled levels of security, designed in partnership with Spanish manufacturer Geeksphone.

The Blackphone runs PrivatOS, a modified version of Android that includes a full suite of Silent Circle applications, and began shipping to customers in June.

After picking up a unit at DefCon, ‘Justin’ (@TeamAndIRC) discovered not one, but three different issues in PrivatOS, however it is worth noting that these didn’t compromise the security of the Silent Circle apps.

Silent Circle later explained that the first was a conscious design decision that didn’t threaten the system, while the second was already patched. The third vulnerability hasn’t been disclosed yet, since it allegedly concerns a number of phone manufacturers, not just Silent Circle.

“@TeamAndIRC and I had a chat here at Def Con. I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update,” wrote Dan Ford, CSO at Silent Circle.

“We are under the impression that this [final] vulnerability affects many OEMs and not just Blackphone. When the vulnerability becomes public, we will implement the fix faster than any other OEM,” added Ford in the second post.

Over the past month, Blackberry has engaged Silent Circle in a mud-slinging match over which company’s smartphone platform was more secure. A few BlackBerry fans joined this particular debate, annoying ‘Justin’ so much that he snapped on Twitter:

His latest posts suggest the hacker is now completely occupied with breaking the security of the BlackBerry 10 operating system.

Meanwhile, the legendary John McAfee used his time at DefCon to launch the BrownList – a complaints website that doesn’t deal with cyber security in any way.

What do you know about famous hackers? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago