Feeds

Blackphone rooted at BlackHat

Details awaited on privilege escalation bug

Remote control for virtualized desktops

A security researcher at BlackHat has sparked a “did-he-didn't-he” Tweet-storm over the extent of an alleged “hack” of the “secure by design” Blackphone.

The Twitter argument continues, with @TeamAndIRC first announcing that it only took five minutes to root the Blackphone* (see Bootnote); then backtracking on one claim because it happened on an unpatched version of Android, and noting that the second attack required user interaction.

The three items the account identifies are described as follows: (a) “USB debugging/dev menu removed, open via targeted intent”; (b) “remotewipe app runs as system, and is debuggable, attach debugger get free system shell”, and (c) “system user to root, many available”.

This post by CSO Dan Ford at Medium answers some of @TeamAndIRC's claims.

Ford doesn't consider the debugging attack to be a vulnerability because the Android Debugging Bridge is part of Android: “We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming.”

“I would like to thank him for not blowing the issue out of proportion and going back to the twittersphere for a little more transparency by explaining that direct user interaction is required and that we had already patched one of the vulnerabilities through the OTA update,” Ford continues.

That seems to leave the ability for a system users to get through to root: the details of the attack haven't been discussed in public, but Ford promises a patch as soon as possible once Blackphone knows what's going on.

A sidelight to the to-ing and fro-ing between @TeamAndIRC was some ill-advised crowing from the BlackBerry community over the attack, to which @TeamAndIRC responded:

®

Bootnote: @TeamAndIRC has gotten in touch with the author to point out that I misinterpreted one of his Tweets: he discovered the vulnerability in five minutes, but said it took longer than that to perform the exploit.

@TeamAndIRC added that the exploit is non-trivial: "the hack would require ignoring all of their recommendations, not updating your device, giving your phone and pin to attacker".

He also asked us to reconsider whether his “Lame for me” Tweet should be considered “backtracking”. Rather than run the story through endless revisions, here is the context that @TeamAndIRC would like considered:

The phone he used didn't have the most current firmware out-of-the-box, and a hacker conference with no safe Internet isn't the place to run updates. “I was initially unaware of the update, [Blackphone] informed me when I privately disclosed to them”. ®®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.