A smartphone marketed as the most anti-surveillance, NSA-proof personal device – the BlackPhone – has been found vulnerable to a simple SMS attack that allows an attacker to steal contacts, decrypt messages, and even take full control of the device.
The super-secure smartphone comes loaded with applications ensuring encrypted communication, text messaging, video conferencing, and secure online storage. The bug was in the Silent Text secure text messaging application that comes prepackaged with the BlackPhone. The application is also available for download for other devices in Google Play, RT reported.
A “serious memory corruption vulnerability” discovered by Mark Dowd of the Australia-based Azimuth Security has already been fixed after the analyst privately disclosed the glitch to developers.
Before the application was patched, an attacker would need nothing more than the phone number of the target device.
By sending a specially designed payload to the victim through the Silent Text application, the attacker could inject malicious code that would inherit the privileges of the secure app – thus gaining the ability to decrypt text messages, gather location information, read the phone’s contacts, and write to the external storage.
“Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access,” Dowd explained to The Register.
The BlackPhone – which comes with a hefty price tag comparable to that of the latest iPhone – runs a modified and locked-down version of Android called PrivatOS. It is being marketed as the only end-to-end encrypted communication device. Dowd has challenged that notion.
“They aim to combat mass-surveillance by relying on encrypted phone calls and messages by default, which is an effective counter-measure, but I wanted to evaluate those solutions from an application security standpoint [and] by that I mean I wanted to see how robust their implementations were against targeted attacks, and evaluate any additional attack surface they might expose,” he said.
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©