Silent Circle fixed the issue in December 2015

Jan 6, 2016 22:47 GMT

Silent Circle, maker of the super secure, privacy-focused Blackphone, has just patched its 1.x model against a security flaw that would have allowed a skilled attacker to take over the phone.

The issue (CVE-2015-6841) was discovered by security researchers at SentinelOne during one of their training sessions, and resided in the Icera modem, included with Blackphone 1 smartphones.

Researchers found that this modem left a socket open to connections and that this socket was tied to an internal Android daemon with elevated privileges.

Attackers could have exploited this open port by sending commands to the modem component, which later relayed them to the underlying daemon and the Android system itself.

Attackers could have had full control over the Blackphone

In theory, this vulnerability would allow attackers to run shell commands on the targeted Blackphone or, with the help of a specially crafted application, send more complex instructions.

These included the ability to prevent the phone from ringing, turn caller ID on or off for outgoing calls, send or receive invisible SMS messages to/from the device, reset various phone settings, enable call forwarding to silently divert incoming calls, make (visible) calls to other numbers, control which telephony call towers to connect to, force conference calls, and various other functions which the researchers didn't get to look into.

SentinelOne reported the issue to Silent Circle back in August, via the company's bug bounty program, and was awarded $500 (€460) for its efforts.

Security updates are installed automatically on Blackphone models

Silent Circle patched the issue in PrivatOS 1.1.13 RC3, the company's own version of the Android operating system, used on its Blackphone models.

In a Q&A session hosted on its blog, Silent Circle also clarified some of the situations in which this bug would have put its users in danger. Basically, the vulnerability discovered by SentinelOne needs a prior infection vector, meaning that malware able to take advantage of this open port needs to be installed on the device in advance.

The company's Blackphone 2.x branch of secure phones is not affected by this issue.
