World’s most ‘NSA-proof’ phone vulnerable to simple SMS hack

The Blackphone (Reuters/Albert Gea)
A smartphone marketed as the most anti-surveillance, NSA-proof personal device – the BlackPhone – has been found vulnerable to a simple SMS attack that allows the hacker to steal contacts, decrypt messages, and even take full control of the device.

The super-secure smartphone comes loaded with applications ensuring encrypted communication, text messaging, video conferencing, and secure online storage. The bug was in Silent Text, the secure text messaging application that comes prepackaged with the BlackPhone. The app is also available for download for other devices in Google Play.

A “serious memory corruption vulnerability,” discovered by Mark Dowd of the Australia-based Azimuth Security, has already been fixed after the analyst privately disclosed the glitch to developers.

Before the application was patched, an attacker would need nothing more than the phone number of the target device.

By sending a specially crafted payload to the victim through the Silent Text application, the attacker could inject malicious code that would inherit the privileges of the secure app – thus gaining the ability to decrypt text messages, gather location information, read the phone’s contacts, and write to the external storage.

“Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access,” Dowd explained to The Register.

The BlackPhone – which comes with a hefty price tag comparable to that of the latest iPhone – runs a modified and locked-down version of Android called PrivatOS. It is being marketed as the only end-to-end encrypted communication device. Dowd has challenged that notion.

“They aim to combat mass-surveillance by relying on encrypted phone calls and messages by default, which is an effective counter-measure, but I wanted to evaluate those solutions from an application security standpoint [and] by that I mean I wanted to see how robust their implementations were against targeted attacks, and evaluate any additional attack surface they might expose,” he said.