Silent Circle has released an update for its Blackphone device that fixes several security vulnerabilities, including a flaw in its modem (CVE-2015-6841) that could have been exploited by threat actors to gain full control of the mobile device.
The Blackphone is one of the most secure mobile devices, it uses mobile apps specifically designed to protect the user’s privacy by encrypting voice and text communications to prevent eavesdropping and snooping.
A group of researchers from the SentinelOne security firm were reverse engineering the code of the Blackphone when discovered an open and accessible socket associated with NVIDIA’s Icera modems.
“As part of reverse engineering exercise to prepare for a Red Naga training session we discovered this socket was left open and accessible on the Blackphone (BP1)” states a blog post published by SentinelOne.
The problem is the open socket could be used by apps without proper permissions to access its nVidia modem.
The experts explained that an attacker with access to the modem could exploit other vulnerabilities to remotely execute code on the Blackphone. This means that an attacker could perform any operation on the device, including sending text messages, visit specific websites or make phone calls. An attacker could also exploit the flaw to install a spyware on the device.
Silent Circle promptly fixed the security issue, experts at SentinelOne were impressed by the speed in solving the problems they reported. The researchers reported the vulnerability to Silent Circle in late August, then submitted the issue, as requested, via BugCrowd in September. Silent Circle acknowledged the submission immediately fixed the problem in four weeks. The patch was issued by SilentCircle in early December.
“When I reached out to them, they responded immediately,” Tim Strazzere, director of mobile research at SentinelOne, told SecurityWeek . “They were very interested in what I found, and asked for my suggestions, fixed the problem, asked me to check it, and then pushed the update as fast as possible,”
The flawed Icera modem used by the BlackPhone is no longer on the market.
Let me remark that the flaw affects Blackphone 1 running versions 1.1.13 RC2 and prior of PrivatOS, the Blackphone 2 is not affected by the vulnerability as confirmed by Silent Circle in a blog post. Below a few points highlighted by in the post.
(Security Affairs – BlackPhone, mobile)