Super secure, Blackphone hacked at DefCon
12 Aug 2014
The Blackphone, touted as a super secure consumer alternative to standard smartphones, has been successfully hacked. The hack comes not long after Blackphone faced off Blackberry as the latter called the secure device "unacceptable" for enterprise and petty customers.
The recent DefCon hacking conference saw "@TeamAndIRC" hack the phone and gain root access within five minutes, without unlocking the bootloader. The hack closely followed research aired at the Black Hat security conference showing a serious vulnerability within Google's Nest Thermostat.
One of the flaws was pretty innocuous as it required users' consent while the other had been patched.
Blackphone, is a joint venture between Silent Circle and Geeksphone, who created the phone aimed at securing personal data.
The phone's setup had raised concerns though, as rather than a unique OS, the Blackphone's PrivatOS was built atop Android technology, which is known to be easy to breach.
Blackphone, however, is not the only consumer-oriented smartphone with security as selling point. A rival handset, reported in March called the "Snowden Phone" was officially named the Privacy Phone – which promised private communications, anonymous internet access, and online security to users, who could even pay anonymously in Bitcoins for the device.
The hack has sparked off an online debate amongst security researchers after the hacking of the Blackphone in just five minutes at the BlackHat conference.
The Blackphone was designed to offer a degree of security that would make government surveillance of communications and cyber attacks more difficult. It was developed by SGP Technologies, and used a modified version of Android called PrivatOS.
Researchers from TeamAndIRC, in one attack gained access to a debugging service and in another managed to get shell access from which they could run a series of commands capable of leaking private data.
Meanwhile, the researchers are due to release a third, as-yet undescribed vulnerability in the device later today.
In a blog post, Dan Ford, chief security officer at the makers of the phone, said, the vulnerability too would be resolved quickly. ''We will get the details, and feel confident that we will have the system patched just as fast as last time. That is our commitment to the community – to close the threat window faster than any other OEM,'' Ford said.