“Unhackable” Smartphone Hacked
A researcher in Australia has reportedly hacked the $629 James Bond-esque Blackphone, which producers claim puts “privacy and security ahead of everything else.”
The Blackphone’s creator, SilentCircle, is a well-known encrypted communications company founded by the legendary Phil Zimmerman, creator the popular PGP (Pretty Good Encryption) software. Its technology is marketed toward CEOs, government officials and anyone else who wants to encrypt their messages from the prying eyes of the NSA or cyber criminals. It does so by encrypting messages through its own proprietary apps, which are preloaded onto the phone.
“While exploring my recently purchased Blackphone, I discovered that the messaging application contains a serious memory corruption vulnerability that can be triggered remotely by an attacker,” the Australian researcher Mark Dowd writes on his blog.
In plain English, Dowd demonstrated how to decrypt messages, commandeer the phone’s account, gather location information and read its contacts by simply knowing its phone number.
SilentCircle has patched the problem, but, as ArsTechnica points out, “in the age of advanced hacking and ever more complex software, that’s no guarantee it can’t be hacked.”