Exploiting Silent Circle's Secure Blackphone
The highly secure device could have been exploited, were it not for the responsible disclosure by a security researcher.Any modern device is made up of multiple hardware and software components, any one of which could represent a potential risk. That's a reality that secure mobile phone vendor Silent Circle has learned with its Blackphone, thanks to the responsible security disclosure from Tim Strazzere, director of mobile research at SentinelOne. Strazzere found that there was a misconfigured driver for an Nvidia Icera modem that could have potentially enabled an attacker to exploit the Blackphone and its users. Silent Circle has already patched the issue, and there are no reports of any user being exploited by the vulnerability. The issue also only impacted the first generation of the Blackphone, which has been superseded by the Blackphone 2, which does not use the same modem. The discovery of the Blackphone vulnerability happened somewhat by accident. Strazzere explained that he is part of a group of security professionals known as Red Naga that provides training sessions at the DefCon security conference. "We wanted to do a training session on reverse engineering an Android device," Strazzere told eWEEK. "In the step of figuring out how to find vulnerabilities, we found a bunch in many devices. One of the devices before we taught the class was the Blackphone."
Red Naga has publicly posted its training materials on GitHub, including the steps the group used to find mobile device vulnerabilities. At a high level, the approach is all about looking for items that appear to be misconfigured in some way. Using that approach, Strazzere found an open socket on the Blackphone and began to investigate if that opening could be used to tell the device to do something it shouldn't be able to do. The open socket was not an open network port that would have been easily viewable by a remote attacker.