Latest in Blackphone

Image credit:

The phone designed to protect your information had a big hole

Steve Dent, @stevetdent
January 28, 2015
Share
Tweet
Share

Sponsored Links

Folks buy the highly secure Blackphone handset for the warm and fuzzy feeling that nobody can see their stuff, but that trust was misplaced until recently, according to security expert Mark Dowd. He found a vulnerability in the text message application of the phone that let attackers steal messages, contacts and location info, and even execute malicious code to gain full control. All a bad guy needed to know was the device's "SilentCircle" account info or phone number.

According to his blog, the instant messaging application (included with the Blackphone or available on Google Play) had a so-called type confusion vulnerability flaw. That means the app could mistake one type of data for another, and allow hackers to overwrite memory and replace it with malicious code. Luckily, Dowd had been probing his recently purchased Blackphone and discretely reported the bug to the company, which has now patched it. Considering the way Blackphone markets itself "to address modern privacy concerns," however, we'd expect hackers -- both black and white hat -- to keep on testing it.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Google Fi's phone subscription gets you a Pixel 4a for just $15 per month

Google Fi's phone subscription gets you a Pixel 4a for just $15 per month

View
NASA shares first images from OSIRIS-REx's touchdown on Bennu

NASA shares first images from OSIRIS-REx's touchdown on Bennu

View
California Uber drivers sue company over Prop 22 app notifications

California Uber drivers sue company over Prop 22 app notifications

View
Jabra's ANC update for the Elite 75t earbuds is now available

Jabra's ANC update for the Elite 75t earbuds is now available

View
Google is testing a way to activate Assistant without wake words

Google is testing a way to activate Assistant without wake words

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr