Has the unhackable phone been hacked?
The Blackphone handset, designed to be secure against hackers and government surveillance, has been “hacked” at a conference full of security experts - but does it really count?
Debate is raging online amongst security researchers after the Blackphone was “hacked” in just five minutes at the BlackHat conference.
The Blackphone, developed by SGP Technologies and running a modified version
of Android called PrivatOS, was created as a “secure by design” handset that
would make government surveillance of communications and cyber attacks more
difficult.
Researcher Justin Case announced that he had broken into the handset. In one
attack they gained access to a debugging service and in another they managed
to get shell access from which they could run a series of commands that
could potentially leak private data.
But the company behind the phone claimed that the first hack required user
action to carry out, so would arguably not be effective against a
conscientious user, and that the second vulnerability has already been
patched.
Being able to turn on the Android Debug Bridge (ADB) was not a
vulnerability, the designers said, as it had been disabled only to prevent a
potential bug rather than for security reasons.
A Twitter account belonging to the researchers said it was a “bit sad” that
the flaw had been patched before they found it, and that they had “got
lucky” with getting a phone with old firmware.
However, the researchers are also due to release a third, as-yet undescribed vulnerability with the device later today.
Dan Ford, chief security officer at the makers of the phone, said in a blog post that it too would be resolved quickly: “We will get the details, and feel confident that we will have the system patched just as fast as last time. That is our commitment to the community – to close the threat window faster than any other OEM.”