A hacker has apparently defeated the security features of the Blackphone, a privacy-focused smartphone from Silent Circle.
An account belonging to ‘Justin Case’ tweeted from the DefCon security conference about discovering a set of vulnerabilities in five minutes, which helped him enable the Android Debug Bridge (ADB) and get root access to the device without unlocking the Android bootloader.
At first, Silent Circle contested the findings of the hacker, as it turned out that the version of Android on the device wasn’t completely patched and the exploit required physical access. Later it thanked ‘Justin’ for improving the security of the Blackphone and promised a fix as soon as more information becomes available.
The company gained a lot of attention after it announced the Blackphone, a handset that promised to provide unparalleled levels of security, designed in partnership with Spanish manufacturer Geeksphone.
The Blackphone runs PrivatOS, a modified version of Android that includes a full suite of Silent Circle applications, and began shipping to customers in June.
After picking up a unit at DefCon, ‘Justin’ (@TeamAndIRC) discovered not one, but three different issues in PrivatOS, however it is worth noting that these didn’t compromise the security of the Silent Circle apps.
Silent Circle later explained that the first was a conscious design decision that didn’t threaten the system, while the second was already patched. The third vulnerability hasn’t been disclosed yet, since it allegedly concerns a number of phone manufacturers, not just Silent Circle.
“@TeamAndIRC and I had a chat here at Def Con. I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update,” wrote Dan Ford, CSO at Silent Circle.
“We are under the impression that this [final] vulnerability affects many OEMs and not just Blackphone. When the vulnerability becomes public, we will implement the fix faster than any other OEM,” added Ford in the second post.
Over the past month, Blackberry has engaged Silent Circle in a mud-slinging match over which company’s smartphone platform was more secure. A few BlackBerry fans joined this particular debate, annoying ‘Justin’ so much that he snapped on Twitter:
Hey BlackBerry idiots, stop miss quoting me on your blogs. Your phone is only “secure” because it has few users and little value as a target
— Justin Case (@TeamAndIRC) August 10, 2014
His latest posts suggest the hacker is now completely occupied with breaking the security of the BlackBerry 10 operating system.
Meanwhile, the legendary John McAfee used his time at DefCon to launch the BrownList – a complaints website that doesn’t deal with cyber security in any way.
What do you know about famous hackers? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…