Blackphone, a joint venture between encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone, has a fully customized version of Android known as PrivatOS and pre-installed with lots of privacy-enabled applications, which claims to offer its users a high-end security at consumer level.
A security researcher with twitter handle @TeamAndIRC took only 5 minutes to achieve root access on the Blackphone without having the need to unlock the device’ bootloader. The hacker even mocked Blackphone’s team by saying that “It is apparent no one ran CTS [compatibility test suite] on this device.”
The so-called “secure” Android phone that was promising security given the fact that its basically a suite of secure services that run on top of Android Open Source Project. BlackBerry dubbed it as “Consumer-Grade Privacy That’s Inadequate for Businesses.”
The researcher has highlighted three hacks in his Twitter account identifies as follows:
- USB debugging/dev menu removed, open via targeted intent
- remotewipe app runs as system, and is debuggable, attach debugger get free system shell
- system user to root, many available
The researcher then backtracked on one claim because it happened on an unpatched version of Android, and noting that the second attack required user interaction.
But according to Chief Security Officer at Medium, Dan Ford, the debugging attack is not a vulnerability as the Android Debugging Bridge is a part of Android itself.
“We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming,” Ford says in a blog post. “I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update.”
Till now, the details of the debugging attack haven't been disclosed in public, but Ford promises a patch as soon as possible.
However, one of the vulnerabilities has already been patched and the other is only exploitable with direct user consent, so its not going to cause any harm to Blackphone users. Still its ironic that yet again one of the most secure Android phones is susceptible to the inherent trust model of the Android OS which was never built with security in mind.