A smartphone marketed as the most anti-surveillance, NSA-proof personal device – the BlackPhone – has been found vulnerable to a simple SMS attack that allows an attacker to steal contacts, decrypt messages, and even take full control of the device.
The super-secure smartphone comes loaded with applications ensuring encrypted communication, text messaging, video conferencing, and secure online storage. The bug was in Silent Text, the secure text messaging application that comes prepackaged with the BlackPhone. The application is also available for download for other devices in Google Play, RT reported.
A “serious memory corruption vulnerability” discovered by Mark Dowd of the Australia-based Azimuth Security has already been fixed after the analyst privately disclosed the glitch to developers.
Before the application was patched, an attacker would need nothing more than the phone number of the target device.
By sending a specially crafted payload to the victim through the Silent Text application, the attacker could inject malicious code that would inherit the privileges of the secure app – thus gaining the ability to decrypt text messages, gather location information, read the phone’s contacts, and write to the external storage.
“Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access,” Dowd explained to The Register.
The BlackPhone – which comes with a hefty price tag comparable to that of the latest iPhone – runs a modified and locked-down version of Android called PrivatOS. It is being marketed as the only end-to-end encrypted communication device. Dowd has challenged that notion.
“They aim to combat mass-surveillance by relying on encrypted phone calls and messages by default, which is an effective counter-measure, but I wanted to evaluate those solutions from an application security standpoint [and] by that I mean I wanted to see how robust their implementations were against targeted attacks, and evaluate any additional attack surface they might expose,” he said.
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©