Silent Circle, maker of the privacy-centric Blackphone, has moved quickly to patch a vulnerability exposed by security researchers that could allow hackers to hijack handsets and take control of vital functions.
The Blackphone runs a version of Android called PrivatOS and rose to prominence following the Edward Snowden disclosures in 2013 that exposed the spying apparatus in place in the US and UK.
The handset provides extra control over security settings and application permissions, and offers encrypted calls and messaging features.
However, a flaw was uncovered by US security firm SentinelOne that affected only the original Blackphone handset. The findings reinforce the idea that no mobile device can claim to be completely free of security bugs.
Tim Strazzere, director of mobile research at SentinelOne, told V3 that the bug could give a hacker elevated access to applications by hiding standard app permissions during installation.
“Normally, if I wanted to snoop on your SMS or place phone calls without you knowing, the permissions on applications would be apparent,” he said.
“When you install an app it would show that it was going to send and receive SMS and make phone calls. Hopefully a privacy-conscious user would see that and not want to install the application.
“With this vulnerability what could happen is that you would see the app but it wouldn’t be requesting any extra permissions.
“You would probably install it and from there [a hacker] would be able to circumvent the Android protection system and do things such as send and receive SMS, intercept them and place phone calls from the actual device.”
Strazzere said in a blog post that his firm was preparing for a Red Naga training session when it found that an SELinux socket had been left open on the Blackphone. This open socket could be used by an attacker to communicate directly with the phone’s modem.
“There is almost no mention of this socket anywhere on the internet except for file_contexts used by SELinux on Android. It appeared to be for the Nvidia Shield tablet, which is the only other Android device that seems to be used in the wild with an Icera modem and has since been abandoned by Nvidia,” he explained.
SentinelOne said that the bug could be used to check the state of phone calls silently, force conference calls with other numbers and mute the modem speaker.
The firm discovered the flaw in late August and quickly contacted Silent Circle before submitting the problem via Bugcrowd a month later.
Silent Circle said: “Based on the research provided by SentinelOne it is safe to assume that any device using the Nvidia Icera modem would be vulnerable. Based on our knowledge we do not know of any other device that would be using this modem.
“Vulnerabilities are inevitable. It is how you react to those vulnerabilities that counts. How does Silent Circle react? We patch vulnerabilities and give credit where credit is due.”
Silent Circle stressed that users should update their handsets immediately. “Please ensure that your Blackphone is updated to version 1.1.13 RC3 or later. Further, we are not aware of any known exploits in the wild for this vulnerability,” the firm said.
Silent Circle launched the Blackphone 2 in September, which has an even greater emphasis on privacy and security.