
Critical vulnerability discovered in the ultra secure BlackPhone


28 Jan


A critical vulnerability discovered in the ultra secure BlackPhone has given attackers the ability to decrypt and read messages, read contacts, monitor geographic locations of the phone, write code or text to the phone's external storage, and enumerate the accounts stored on the device.

The vulnerability existed in SilentText, the secure text messaging application bundled with the BlackPhone. The app can also be found in the Google Play store as a free download. A component known as libscimp contained a type of memory corruption flaw known as a type confusion vulnerability.

Mark Dowd, a principal consultant with Australia-based Azimuth Security, said "the vulnerability allows an attacker to directly overwrite a pointer in memory (either partially or in full), which when successfully exploited can be used to gain remote, unauthenticated access to the vulnerable device".

SGP Technologies (a joint venture between the makers of GeeksPhone and Silent Circle) has since issued a patch for the newly discovered vulnerability.

Posted by will
