The makers of the ultra-secure BlackPhone, billed by Silent Circle as the "world's first Smartphone which places privacy and control directly in the hands of its users," have recently fixed a critical vulnerability in the instant messaging application that allows hackers to run malicious code on the handsets.
BlackPhone was also hacked last year at the BlackHat security conference, but the interesting factor about the recent hack was that the attackers needed to send only a message to a targeted phone number in order to compromise the device.
The vulnerability was first discovered and disclosed by Mark Dowd, a principal security researcher at the Australia-based consultancy firm Azimuth Security. Dowd discovered the issue late in 2014, but waited to reveal it until Blackphone got their patches and fixes in place.
The flaw actually resides in the Silent Text application, the secure text messaging application bundled with the BlackPhone handsets, which is also freely available as an Android app on the Google Play Store.
Exploiting the vulnerability would have allowed hackers to perform the following tasks:
- Decrypt messages and read messages
- Read and collect contacts
- Monitor geographic locations of the phone
- Write code or text to the phone's external storage
- Enumerate the accounts stored on the device
"Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course internet access," Dowd said.
The vulnerability was in a component known as libscimp, the BlackPhone implementation of the Silent Circle Instant Messaging Protocol (SCIMP), which runs on the Extensible Messaging and Presence Protocol (XMPP). libscimp contained a type of memory corruption flaw known as a type confusion vulnerability.
SCIMP is used by the creators of BlackPhone in an attempt to create a secure end-to-end encryption channel between people sending text messages. It also handles the transport of the encrypted data through the channel.
Now, this SCIMP implementation supplied with SilentText contains a type confusion vulnerability, typically allowing attackers to "directly overwrite a pointer in memory (either partially or in full), which when successfully exploited can be used to gain remote, unauthenticated access to the vulnerable device."
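To make the bug class concrete, here is an added C illustration (not code from Silent Text, libscimp, or Dowd's write-up) of how a type confusion lets wire bytes land on top of a pointer, partially or in full, next to the tag check that prevents it. Every name in it (`struct msg`, `MSG_DATA`, `MSG_SESSION`, the `store_payload_*` functions) is constructed for the example and assumes nothing about the real libscimp layout.

```c
#include <stddef.h>
#include <string.h>

/* Constructed message model for illustration; not libscimp's real layout. */
enum msg_type { MSG_DATA = 1, MSG_SESSION = 2 };

struct msg {
    enum msg_type type;                     /* fixed when the object is created */
    union {
        unsigned char raw[sizeof(void *)];  /* MSG_DATA: bytes copied from the wire */
        void *ctx;                          /* MSG_SESSION: pointer to local state */
    } u;
};

static int session_state;                   /* stands in for trusted local state */
void msg_init_session(struct msg *m) { m->type = MSG_SESSION; m->u.ctx = &session_state; }

/* Returns 1 if the stored pointer still refers to session_state (byte-wise compare). */
int ctx_intact(const struct msg *m)
{
    void *expect = &session_state;
    return memcmp(&m->u.ctx, &expect, sizeof expect) == 0;
}

/* Vulnerable form: believes the type claimed on the wire and never checks the
 * object's own tag, so a MSG_SESSION object gets written as if it were MSG_DATA. */
int store_payload_unchecked(struct msg *m, int wire_type, const unsigned char *p, size_t n)
{
    if (wire_type != MSG_DATA || n > sizeof m->u.raw)
        return -1;
    memcpy(m->u.raw, p, n);   /* n < sizeof(void *) gives a partial pointer overwrite */
    return 0;
}

/* Hardened form: the object's tag must agree before the union is touched. */
int store_payload_checked(struct msg *m, int wire_type, const unsigned char *p, size_t n)
{
    if (wire_type != MSG_DATA || m->type != MSG_DATA || n > sizeof m->u.raw)
        return -1;
    memcpy(m->u.raw, p, n);
    return 0;
}

int main(void)
{
    struct msg m; unsigned char b = 0x41;   /* constructed one-byte "wire" payload */
    msg_init_session(&m);
    return (store_payload_checked(&m, MSG_DATA, &b, 1) == -1 && ctx_intact(&m)) ? 0 : 1;
}
```

The length check in the vulnerable form is correct, which is why this class of bug is easy to miss in review: the write stays in bounds but lands on a field of the wrong type.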
Dowd has given a solid technical description on his blog, so you may refer to his blog post for a more detailed explanation of the critical vulnerability.
The vulnerability has since been patched, but it is a powerful reminder for those who, no doubt, did a lot of things right to provide strong encryption to their users: in this era of more complex software and advanced hacking, there is no guarantee that your product cannot be hacked.