Feeds

Blackphone rooted at BlackHat

Details awaited on privilege escalation bug

Beginner's guide to SSL certificates

A security researcher at BlackHat has sparked a “did-he-didn't-he” Tweet-storm over the extent of an alleged “hack” of the “secure by design” Blackphone.

The Twitter argument continues, with @TeamAndIRC first announcing that it only took five minutes to root the Blackphone* (see Bootnote); then backtracking on one claim because it happened on an unpatched version of Android, and noting that the second attack required user interaction.

The three items the account identifies are described as follows: (a) “USB debugging/dev menu removed, open via targeted intent”; (b) “remotewipe app runs as system, and is debuggable, attach debugger get free system shell”, and (c) “system user to root, many available”.

This post by CSO Dan Ford at Medium answers some of @TeamAndIRC's claims.

Ford doesn't consider the debugging attack to be a vulnerability because the Android Debugging Bridge is part of Android: “We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming.”

“I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update,” Ford continues.

That seems to leave the ability for a system users to get through to root: the details of the attack haven't been discussed in public, but Ford promises a patch as soon as possible once Blackphone knows what's going on.

A sidelight to the to-ing and fro-ing between @TeamAndIRC was some ill-advised crowing from the BlackBerry community over the attack, to which @TeamAndIRC responded:

®

Bootnote: @TeamAndIRC has gotten in touch with the author to point out that I misinterpreted one of his Tweets: he discovered the vulnerability in five minutes, but said it took longer than that to perform the exploit.

@TeamAndIRC added that the exploit is non-trivial: "the hack would require ignoring all of their recommendations, not updating your device, giving your phone and pin to attacker".

He also asked us to reconsider whether his “Lame for me” Tweet should be considered “backtracking”. Rather than run the story through endless revisions, here is the context that @TeamAndIRC would like considered:

The phone he used didn't have the most current firmware out-of-the-box, and a hacker conference with no safe Internet isn't the place to run updates. “I was initially unaware of the update, [Blackphone] informed me when I privately disclosed to them”. ®®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.