A security researcher claimed at the BlackHat conference in the US that the ‘snoop-proof’ privacy-orientated Android powered-Blackphone can be hacked easily.
Initially, Justin Case (@TeamAndIRC) tweeted that he was able to hack the device in just five minutes; then partially backtracked on the claim as it occurred on an un-patched Android version. He noted that the second attempt involved some user interaction.
As part of the hack, the researcher discovered three issues including ‘USB debugging/dev menu removed, open via targeted intent’; ‘remotewipe app runs as system, and is debuggable, attach debugger get free system shell; and ‘system user to root, many available’.
SGP Technologies, the joint venture between Blackphone developers Silent Circle and Geeksphone, noted that the Android Debugging Bridge is part of Android.
SGP Technologies CSO Dan Ford said: "We turned Android Debugging Bridge (ADB) off because it causes a software bug and potentially impacts the user experience. A patch is forthcoming.
"I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update."
Aimed at facilitating private communication, browsing and cloud storage anywhere they find cellular or Wi-Fi connections, the Blackphone features private encrypted voice and video calls and text messaging with attachments via Silent Phone and Silent Text apps.
