Slashdot Mirror

← Back to Stories (view on slashdot.org)

Silent Circle's Blackphone Exploited at Def Con

Posted by timothy on from the outharshing-one-another dept.

Def Con shows no mercy. As gleefully reported by sites several Blackberry-centric sites, researcher Justin Case yesterday demonstrated that he could root the much-heralded Blackphone in less than five minutes. From n4bb.com's linked report: "However, one of the vulnerabilities has already been patched and the other only exploitable with direct user consent. Nevertheless, this only further proves you cannot add layers of security on top of an underlying platform with security vulnerabilities." Case reacts via Twitter to the crowing: "Hey BlackBerry idiots, stop miss quoting me on your blogs. Your phone is only "secure" because it has few users and little value as a target."

6 of 46 comments (clear)

  1. Still Secret Source? by bill_mcgonigle · · Score: 4, Insightful

    Blackphone is the "you can't look at it, but trust us" self-proclaimed "security" company, right? And it's easily exploitable?

    Dog-bites-man story.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:Still Secret Source? by chihowa · · Score: 4, Insightful

      It's one reason why I can't rally behind Phil Zimmerman, as much as I like PGP and appreciate much of what he's done. His insistence on keeping security software secretive and closed source, while seeming to understand the concept of trust, is baffling.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  2. Re:Direct user consent? by ledow · · Score: 3, Insightful

    Physical access to any electronic device is basically an avenue for compromise. You really can't avoid it - at that point, it's no longer a question of "is the device secure?" as "is is STILL secure"... the only factors are how long it's out of your possession and how many obstacles are in the way of compromising it.

    Same as anything with computers - physical access to the machine means it's game over. This applies for everything from games consoles to dvd players to phones to DRM schemes to "secure boot".

    Physical access is game over. If you're lucky, you've used perfect forward secrecy and implemented it perfectly and know the device is missing and immediately blacklist it from your systems. Anything else (like real-life) is a security hole.

  3. Re:What underlying platform? by AchilleTalon · · Score: 5, Insightful

    Blackphone is not a BlackBerry phone, it is a competitor. That's why BB fans quoted Justin Case as if he did prove BB is superior to Blackphone, which isn't what he proved. BlackBerry's CEO claimed the Blackphone was only consumer-grade privacy, not business grade privacy, implying BB products are superior in terms of security. Which Justin Case doesn't agree claiming they appear safer only because they are a low interest traget to hackers.

    To summarise, it is not about underlying BB platform at all, rather than about the Blackphone underlying platform.

    --
    Achille Talon
    Hop!
  4. Silent Circle response part 1 by mrkoot · · Score: 5, Informative
    Silent Circle's response part 1:

    Blackphone rooted at DefconâS -- Part 1

    Greetings from Def Con! Thus far Team Blackphone has been having a very positive Con. We have been receiving a lot of positive feedback and praise for taking on the flag of building and maintaining a secure and private smartphone system. This was a challenge that we knew full well would not be easy, but if it were easy then anyone could do it.

    The researcher @TeamAndIRC was a little miffed at our initial response to his inquiry and I understand his point. In response, he had a t-shirt made that stated he rooted the Blackphone at Def Con. The ironic part to this is I would have absolutely gone over and made that t-shirt for him myself once the full vulnerability was explained. @TeamAndIRC and I had a chat here at Def Con. I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update.

    According to @TeamAndIRC there were three issues discovered. The first one is that he was able to get ADB turned on. Turning ADB on is not a vulnerability as this is part of the Android operating system. We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming. His second discovery is accurate and here is the point I want to stress to the community. We found this vulnerability on July 30, had the patch in QA on July 31, and the OTA update released on August 1. That is pretty fast, no?

    When @TeamAndIRC details the third vulnerability today at Def Con around 2pm PST we will be on the floor. We will get the details, and feel confident that we will have the system patched just as fast as last time. That is our commitment to the community â" to close the threat window faster than any other OEM. So, for now stay tuned as we will have an update later today.

    Sincerely,

    Dan Ford, D.Sc. (@netsecrex)
    Chief Security Officer
    SGP Technologies

  5. Re:What underlying platform? by demachina · · Score: 4, Insightful

    Not clear if Case is claiming Blackberry's were never of interest to hackers or are just of no interest lately.

    Blackberrys were until recent years very high value targets, they were the phone of choice on Wall Street, for politicians and reporters.

    It wasn't that long ago repressive regimes like Saudi Arabia were telling Blackberry to back door their phones/servers or get locked out of their market which tends to suggest they must have been pretty good at something.

    There is probably something to be said for phones without a third party app market if security is job one. Android in particular is a pretty juicy target for malware.

    --
    @de_machina