Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug

mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.

Security is a process ...

[gstoddart]

The problem with security is it is an on-going process, and it takes time. Which means the trust that you actually are secure also takes time.

So, just because you started out thinking "Oh boy, are we going to be hella secure" -- it takes a long time to FIND all those things which defeat that, and just as long to convince everybody that you've done it.

Almost as soon as I heard of this phone my first thought was "gee, you're brand new, why should be trust that you've got it sorted out".

And, as TFS says ... this phone is used by people who want additional security. What the hell made you think you wouldn't be immediately targeted? This is like advertising you have an unbreakable vault ... now everybody wants to prove you wrong.

I think they started trading on a reputation they hadn't earned yet, and now it's biting them in the ass.