icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
29 Jan, 2015 05:14

World’s most ‘NSA-proof’ phone vulnerable to simple SMS hack

World’s most ‘NSA-proof’ phone vulnerable to simple SMS hack

A smartphone marketed as the most anti-surveillance, NSA-proof personal device – the BlackPhone – has been found vulnerable to a simple SMS attack that allows the hacker to steal contacts, decrypt messages, and even take full control of the device.

The super-secure smartphone comes loaded with applications ensuring encrypted communication, text messaging, video conferencing, and secure online storage. The bug came in a prepackaged Silent Text secure text messaging application that comes along with the BlackPhone. It is also available for download for other devices in Google Play.

Released remotely exploitable Blackphone/SilentText bug. Requires only target's phone number/ID to exploit: http://t.co/0MDoOw2ueQ

— mdowd (@mdowd) January 28, 2015

A “serious memory corruption vulnerability” discovered by Mark Dowd of the Australia-based Azimuth Security, has already been fixed after the analyst privately disclosed the glitch to developers.

Reuters/Albert Gea

Before the application was patched, an attacker would need nothing more than the phone number of the target device.

By sending a specifically designed payload to the victim through the Silent Text application, the attacker could inject malicious code that would inherit the privileges of the secure app – thus gaining the ability to decrypt text messages, gather location information, read the phone’s contacts, and write to the external storage.

READ MORE: Blackphone lands: World’s most spy-resistant phone sold out

“Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access,” Dowd explained to The Register.

The BlackPhone – which comes with a hefty price tag comparable to that of the latest iPhone – runs a modified and locked-down version of Android called PrivatOS. It is being marketed as the only end-to-end encrypted communication device. Dowd has challenged that motion.

“They aim to combat mass-surveillance by relying on encrypted phone calls and messages by default, which is an effective counter-measure, but I wanted to evaluate those solutions from an application security standpoint [and] by that I mean I wanted to see how robust their implementations were against targeted attacks, and evaluate any additional attack surface they might expose,” he said.