Blackphone gets rooted at BlackHat security conference
Blackphone is a venture by Silent Circle and Geeksphone, and it is designed to provide a suite of secure services running on a fork of the Android Open Source Project (AOSP). Called PrivatOS, it is meant to provide a consumer level access to secure options that protect personal data from being leaked to third parties.
The advent of seeing a device like the Blackphone come to market was in the wake of all the Edward Snowden shenanigans, so there was a receptive audience to the purported capabilities of this device. Of course, the Blackphone was not marketed as an “NSA-proof” device, but that became the running joke once it was unveiled at MWC 2014.
The dominant player in the smartphone security line is BlackBerry, a company that has taken great pride and strides to be the “truly secure” mobile platform for the enterprise and the company’s precious government customers.
So naturally, Blackphone and BlackBerry started kicking sand on to each other’s turf to talk about how awesome their own security features were. We are not going to re-hash that drama here, because @TeamAndIRC was able to root a Blackphone in less than five minutes at the BlackHat security conference.
Now before everyone runs away with that revelation, one of the vulnerabilities has already been patched, and it appears that the only other exploitable portion is possible with direct user permission. That did not stop a fair amount of poking a little fun at Blackphone though, “It is apparent that no one ran a [compatibility test suite] on this device.” Last time we checked, two-thirds of the exploit path had been given the Blackphone.
The crux of Blackphone’s security features do not lie solely within PrivatOS, as there is a suite of security applications that ship with the device too. However, it is not the greatest of feelings when that OS which all those apps and features work on was able to be “handled” so easily.
While that might seem like easy pickings for BlackBerry, @TeamAndIRC promise that BlackBerry is their next target, ribbing the gang in Waterloo by stating that BlackBerry security is “security by lawsuit.”
UPDATE: As we were following the ongoing conversation about @TeamAndIRC's accomplishment, it is evident that the root did not take less than five minutes. Apparently that was a mis-quote from when someone thought they had five minutes left to complete the task. So, the root did not take less than five minutes. The team is still looking into the vulnerabilities they have found so far, with one portion still being examined and will be disclosed privately when fully understood.
sources: @TeamAndIRC via N4BB
9. _Bone_ (Posts: 2140; Member since: 29 Oct 2012)
You do realize that every Blackberry phone is being tracked cause... you know, it's a Blackberry and agencies think you must store something valuable on it if you bought one.
Digital security is an illusion. A piece of paper kept between your balls is still the only way you'll keep something hidden, that is until you meet the wrong prost...
16. Droid_X_Doug (Posts: 5955; Member since: 22 Dec 2010)
Further, BB's 'security' model is based on BES, which is server-based. Servers are the foundation for man-in-the-middle hacks, so don't go thinking that BB is the God of security, 'cause it isn't.
18. meanestgenius (Posts: 2264; Member since: 28 May 2014)
When it comes to the other OS's out there, they are. BB10 and BES 10 have yet to be hacked.
By the way, their entire security model IS NOT based off of BES. There are MANY other things that go into what makes their end to end solution the most secure in mobile.
20. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"When it comes to the other OS's out there, they are. BB10 and BES 10 have yet to be hacked."
You are just drinking different kool-aid.
Security against "hackers" is worth what? Next to nothing. Because this risk is minimal.
A much more substantive risk is falling afoul of someone in government, or someone else influencing government to get something from you that they want, say a piece of property. And governments have complete access to your BB phone and BES data. A well-funded "hacker" is going to go this route and do whatever they want to do, and you may never know.
22. Droid_X_Doug (Posts: 5955; Member since: 22 Dec 2010)
How do you think Angela's BB got hacked by the NSA? Please don't whine about how a new version of BBOS is patching past holes in the OS. There are more ways to crack/hack a server than ever. That is why point-to-point encryption has become the accepted gold standard for secure communication in the cryptographic community.
23. meanestgenius (Posts: 2264; Member since: 28 May 2014)
Her BBOS7 phone? Right....
As I said BB10 has yet to be hacked, and with the purchase of Secusmart, they have further strengthened their security.
Let's be clear ABSOLUTELY NO PHONE is hack proof. But with the steps that BlackBerry has taken with their security measures, ESPECIALLY with BB10, it makes their current line of handsets harder to hack than the rest. No whining necessary. That's a FACT. BB10 HAS YET TO BE HACKED.
That's why BlackBerry is the GOLD STANDARD when it comes to mobile security. More governments and and security-conscious organizations put their faith and use BlackBerry phones more than any other mobile phone. For those businesses that do not, or use a minimum of BlackBerry mobile phones, they use BES 10 to manage those phones. These are FACTS. You need me to provide links? Just say so....
25. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"As I said BB10 has yet to be hacked, and with the purchase of Secusmart, they have further strengthened their security."
BS. They purchased Secusmart so they have complete control over the platform, i.e. can put in whatever backdoors that are required by the NSA and others. True security involves an independent set of checks and balances. Not a single vendor and "trust us".
So, while you can get all amped up on the BB Kool-Aid, there is zero security for BB, just like all other major mobile vendors. This is reality. It isn't pleasant, but it is what we all have to live with.
27. meanestgenius (Posts: 2264; Member since: 28 May 2014)
....and you OF COURSE, have PROOF of all of this? That this is why BlackBerry made this purchase?
47. hawbman (Posts: 1; Member since: 10 Aug 2014)
Check again your fact. It's the Nokia of Merkel that was being hacked.
24. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"....says the conspiracy theorist."
Sheesh. Wake up and read the Internet. There are tons of documents about NSA involvement with Blackberry, Apple, Microsoft, etc. And those documents are a tiny subset of everything that is in place today.
Maybe it could have been called "conspiracy theory" before Snowden, but now it is factual reality.
26. meanestgenius (Posts: 2264; Member since: 28 May 2014)
I know all of this. I still think you're a conspiracy theorist.
This is a CELL PHONE site. Leave the politics at the door, please.
29. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"I know all of this. I still think you're a conspiracy theorist."
Okay. When faced with a known, widely accepted, factual reality, you still want to believe it is "conspiracy theory".
This is called confirmation bias:
"Confirmation bias, also called myside bias, is the tendency to favor information that confirms one's beliefs or hypotheses. People display this bias when they gather or remember information selectively, or when they interpret it in a biased way. The effect is stronger for emotionally charged issues and for deeply entrenched beliefs. People also tend to interpret ambiguous evidence as supporting their existing position."
Basically it means that your brain no longer works in an objective manner anymore.
32. meanestgenius (Posts: 2264; Member since: 28 May 2014)
My brain works fine. I just neither want or need to read any of this from YOU.
34. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"I just neither want or need to read any of this from YOU."
So go and do some reading and it won't be from me. It will be from everywhere. And then you can stop with the "conspiracy theory" nonsense everytime you read something that you're ignorant about.
36. meanestgenius (Posts: 2264; Member since: 28 May 2014)
That's where you're wrong. I'm DEFINITELY NOT ignorant about this stuff. I just don't wish to read it HERE FROM YOU. I didn't initiate this little diatribe between us. YOU did.
37. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
" I'm DEFINITELY NOT ignorant about this stuff. "
So you just like to act ignorant and say that it's "conspiracy theory". Because that's your idea of a hobby, apparently. Lol.
41. meanestgenius (Posts: 2264; Member since: 28 May 2014)
How am I acting ignorant? Because I do not wish to read it here from you? You're ignorant if you can't grasp what I'm saying. It's also hypocritical to constantly say these things and yet you don't "walk the walk". You use google devices. You're perpetuating the very thing you seek to inform others about on every post of yours.
28. meanestgenius (Posts: 2264; Member since: 28 May 2014)
And the NSA HARDLY has that much involvement with BlackBerry outside of the POTUS's own BlackBerry and some BBOS 6 or 7 handset they hacked a few years ago.
Also, I'm guessing you don't use a smartphone or a tablet/computer of ANY TYPE, since they are all hacked pieces of trash anyway, right?
30. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"And the NSA HARDLY has that much involvement with BlackBerry outside of the POTUS's own BlackBerry and some BBOS 6 or 7 handset they hacked a few years ago."
The NSA and Blackberry have been in bed for a long long time. Just read the leaked NSA documents.
31. meanestgenius (Posts: 2264; Member since: 28 May 2014)
You still didn't answer my question. So you don't use any tech like mobile phones, tablets or any other type of computer, right? Being that they're all hacked, right? I'm guessing that you DO.
So, until you're ready to DRINK YOUR OWN KOOL-AID and WALK THE WALK, not just TALK THE TALK, I suggest you simmer down.
33. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"You still didn't answer my question. So you don't use any tech like mobile phones, tablets or any other type of computer, right? Being that they're all hacked, right? I'm guessing that you DO."
Why do you say extreme things like this?
I live in reality just like you do. In this modern world, most jobs involve computers. For the most part, all computers are hacked by the NSA.
Being aware of this doesn't mean a person doesn't use computers. It's like saying a person shouldn't breathe because there is air pollution. It just means you use all the information you have to best make a compromise you are willing to live with.
35. meanestgenius (Posts: 2264; Member since: 28 May 2014)
We all live in this world, in this reality. One would have to be COMPLETELY BLIND or just plain DUMB not to know what's going on. I, for one, just don't need to read it HERE from YOU.
By the way, don't talk about extreme. Almost everything you say is extreme. I just think you're coming off a little hypocritical if your going to "preach" one thing as much as you do, and then do the opposite, that's all. To each his own.
38. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"Almost everything you say is extreme. I just think you're coming off a little hypocritical if your going to "preach" one thing as much as you do, and then do the opposite, that's all."
Okay, what do I preach? To be aware of the deeper realities beyond what the mainstream media presents us? That most big companies are lame and greedy? That Microsoft is a fat lazy monopoly? That Apple lies through their teeth and pretends to be something they aren't? That Google is nothing more than a data acquisition/surveillance company, i.e. spyware central? That government intelligence agencies have made a shambles of security pretty much everywhere?
So let me know what is "extreme". These are basic facts of life.
40. meanestgenius (Posts: 2264; Member since: 28 May 2014)
So what you said isn't extreme but what I said is? Riiiight.....
You're not saying anything that any informed person such as myself does not know. I just don't need to read it here from you. What don't you understand about that statement?
45. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"I just don't need to read it here from you. What don't you understand about that statement?"
I understand that your only goal on this site is to shut down people with opinions that don't agree with you.
46. meanestgenius (Posts: 2264; Member since: 28 May 2014)
Wrong again. But it's my understanding that you have a social problem, so I'll just leave it at that.
Remember, I didn't start this BS first. You did. Run along now.
48. engineer-1701d (Posts: 1245; Member since: 13 Mar 2014)
not hacked because no one uses it lol ask some pros to unlock bb and it will be done , just not worth the time no money or popularity if u do it.
43. InspectorGadget80 (Posts: 6741; Member since: 26 Mar 2011)
But it's sold out on their web site. I was thinking bout buying it do to their security now u mention that.
3. SamDroid (unregistered)
If the phone was rooted, does that mean its now insecure?
Oh and btw when they say that Blackberry is next, do they mean that they'll root it too?
s**t I'm starting to feel like a noob again....
5. BobbyDigital (Posts: 622; Member since: 29 May 2014)
Yes. Rooting the phone would give you all types of permissions that you shouldn't have with that type of phone. I guess the people at Blackphone were a bit too cocky.
Another yes. They'll be trying tdthe same with BlackBerry. I'm eager to see if it can be done with a BB10 device.
8. tedkord (Posts: 5304; Member since: 17 Jun 2009)
That's short for its the number one choice of consumers by a 4 to 1 margin. No matter how many tears you shed.
15. tedkord (Posts: 5304; Member since: 17 Jun 2009)
No, he has an agenda. Two different things.
17. RebelwithoutaClue (Posts: 1197; Member since: 05 Apr 2013)
No he hasnt'. If you look at iOS for instance, it's always one of the first ones to get hacked at black hat conventions. So his statement is nothing more than his hatred towards Android.
19. 0xFFFF (Posts: 3766; Member since: 16 Apr 2014)
"Well, it's Android..."
We know what "Well, it's an iPhone" means:
-- That your phone comes with a complete set of backdoor APIs
-- That the iOS platform is just closed source security theatre, to the point NSA labels iPhone owners as "iZombies".
Security against evil is ultimately the only security that matters. And iPhone offers none, just like every other large phone vendor/platform, including Android, Blackberry, WP.
7. kkmkk (Posts: 110; Member since: 06 May 2013)
on the face .......... dam him .......... wow .... lol :-)
10. DefinitiveKid (Posts: 140; Member since: 15 May 2013)
Most boring smartphone ever... and inefficient at that.
13. meanestgenius (Posts: 2264; Member since: 28 May 2014)
Whoops! Not a "secure" as you thought, eh Blackphone? Anyone who wants the MOST SECURE phone in the industry need look no further than BlackBerry.
Oh yeah...BlackBerry +1, Blackphone-0.
44. sprockkets (Posts: 1365; Member since: 16 Jan 2012)
FYI, the gamma group corporation, who is in business to provide hacking tools for governments and police, cannot break into silent circle's system that black phone uses.
They want to, but can't. Read up about that rogue group at arstechnica.com and see how they just got 40gb of their dirty laundry posted for all to see.
39. Crispin_Gatieza (Posts: 319; Member since: 23 Jan 2014)
There is a price to be paid for being "connected". Last week I was in a transition period and was using my old Treo 680. It felt great to just get phone calls and emails for a week. I was actually able to get more work done.