The phone designed to protect your information had a big hole

Folks buy the highly secure Blackphone handset for the warm and fuzzy feeling that nobody can see their stuff, but that trust was misplaced until recently, according to security expert Mark Dowd. He found a vulnerability in the text message application of the phone that let attackers steal messages, contacts and location info, and even execute malicious code to gain full control. All a bad guy needed to know was the device’s “SilentCircle” account info or phone number.

According to his blog, the instant messaging application (included with the Blackphone or available on Google Play) had a so-called type confusion vulnerability flaw. That means the app could mistake one type of data for another, and allow hackers to overwrite memory and replace it with malicious code. Luckily, Dowd had been probing his recently purchased Blackphone and discretely reported the bug to the company, which has now patched it. Considering the way Blackphone markets itself “to address modern privacy concerns,” however, we’d expect hackers — both black and white hat — to keep on testing it.

Filed under: ,


Via: Ars Technica

Source: Azimuth Security

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On