Solve a Serious Vulnerability In Blackphone - Slap The Wizard

Rabu, 04 Februari 2015

Solve a Serious Vulnerability In Blackphone

Solve a serious vulnerability in the security of Blackphone. Blackphone is a smartphone that has reached the market last year depending since its launch two areas that until now have not worried any vendor: security and privacy. A commitment to hinder the work of tracking and spying major companies and government organizations but that the slightest error could compromise its users, and it was.

A serious vulnerability in the operating system blackphone allowed hackers and unauthorized users execute remote code in the device memory so that we can decrypt the data from the device and thus access to all conversations. To exploit this vulnerability just enough to send an SMS to the victim device, once it is received, and was committed.

The vulnerability in question was Silent Text, send a secure application to design for other users of the same messages. This application (available for everyone in the Google Play Store) comes by default as part of the suite of blackphone and, inadvertently, all devices were committed to discovering the vulnerability.

A successful exploitation of this security flaw in the smartphone blackphone may allow the attacker:

Decrypt and read the messages.
SilentCircle access the account.
Access the contact list and download it.
Locate the device via GPS.
Write to external storage device.
Run code by the hacker (the danger intensifies if you have root access).

As mentioned, the application has already been updated and the device returns to be 100% secure. Also, users who want to ensure once again a 100% protection should reset their device to factory settings (to avoid if being attacked safety is not compromised by any resident code) and avoid, if possible, get root on the operating system as this represents a significant security breach in Android. Have you tried any blackphone device?