Has the unhackable phone been hacked?

by 09:24 0 comments

Has the unhackable phone been hacked?

The Blackphone handset, designed to be secure against hackers and government surveillance, has been “hacked” at a conference full of security experts - but does it really count?

Debate is raging online amongst security researchers after the Blackphone was “hacked” in just five minutes at the BlackHat conference.
The Blackphone was created as a “secure by design” handset that would make government surveillance of communications and cyber attacks more difficult, developed by SGP Technologies, and using a modified version of Android called PrivatOS.
Researcher Justin Case announced that he had broken into the handset. In one attack they gained access to a debugging service and in another they managed to get shell access from which they could run a series of commands that could potentially leak private data.
But the company behind the phone claimed that the first hack required user action to carry out, so would arguably not be effective against a conscientious user, and that the second vulnerability has already been patched.
Being able to turn on the Android Debugging Bridge (ADB) was not a vulnerability, said designers, as it was only disabled to prevent a potential bug rather than for security reasons.
A Twitter account belonging to the researchers said it was a “bit sad” that the flaw had been patched before they found it, and that they had “got lucky” with getting a phone with old firmware.
However, the researchers are also due to release a third, as-yet undescribed vulnerability with the device later today.
Dan Ford, chief security officer at the makers of the phone, said in a blog post that it too would be resolved quickly: “We will get the details, and feel confident that we will have the system patched just as fast as last time. That is our commitment to the community – to close the threat window faster than any other OEM.”

Unknown

Developer

Cras justo odio, dapibus ac facilisis in, egestas eget quam. Curabitur blandit tempus porttitor. Vivamus sagittis lacus vel augue laoreet rutrum faucibus dolor auctor.

0 comments:

Post a Comment