Blackphone gets rooted at BlackHat security conference

There is nothing like calling out competitors in a race to win. It happens in just about every sport as well as other industries. Social media has enabled a whole new level of communication when it comes to proclaiming victory as well as setting the stage for utter embarrassment.

Blackphone is a venture by Silent Circle and Geeksphone, designed to provide a suite of secure services running on a fork of the Android Open Source Project (AOSP). Called PrivatOS, the fork is meant to give consumers access to secure options that protect personal data from being leaked to third parties.

A device like the Blackphone came to market in the wake of all the Edward Snowden shenanigans, so there was a receptive audience for its purported capabilities. Of course, the Blackphone was not marketed as an “NSA-proof” device, but that became the running joke once it was unveiled at MWC 2014.

The dominant player in the smartphone security line is BlackBerry, a company that has taken great pride, and made great strides, in being the “truly secure” mobile platform for the enterprise and the company’s precious government customers.

So naturally, Blackphone and BlackBerry started kicking sand onto each other’s turf to talk about how awesome their own security features were. We are not going to rehash that drama here, because @TeamAndIRC was able to root a Blackphone in less than five minutes at the BlackHat security conference.

Now before everyone runs away with that revelation, one of the vulnerabilities has already been patched, and it appears that the only other exploitable portion requires direct user permission. That did not stop a fair amount of fun being poked at Blackphone though: “It is apparent that no one ran a [compatibility test suite] on this device.” Last time we checked, two-thirds of the exploit path had been given to Blackphone.

The crux of Blackphone’s security does not lie solely within PrivatOS, as there is a suite of security applications that ships with the device too. However, it is not the greatest of feelings when the OS that all those apps and features run on could be “handled” so easily.

While that might seem like easy pickings for BlackBerry, @TeamAndIRC promises that BlackBerry is its next target, ribbing the gang in Waterloo by stating that BlackBerry security is “security by lawsuit.”

UPDATE: As we were following the ongoing conversation about @TeamAndIRC's accomplishment, it became evident that the root did not take less than five minutes. Apparently that was a misquote from when someone thought they had five minutes left to complete the task. The team is still looking into the vulnerabilities they have found so far; one portion is still being examined and will be disclosed privately when fully understood.


sources: @TeamAndIRC via N4BB

49 Comments

42. rns122112 unregistered

Jcase does it again. Can he be stopped?

39. Crispin_Gatieza

Posts: 3201; Member since: Jan 23, 2014

There is a price to be paid for being "connected". Last week I was in a transition period and was using my old Treo 680. It felt great to just get phone calls and emails for a week. I was actually able to get more work done.

49. reckless562

Posts: 1153; Member since: Sep 09, 2013

thank you!!!

13. meanestgenius

Posts: 23090; Member since: May 28, 2014

Whoops! Not as "secure" as you thought, eh Blackphone? Anyone who wants the MOST SECURE phone in the industry need look no further than BlackBerry. Oh yeah...BlackBerry +1, Blackphone-0. BB10 FTW!

44. sprockkets

Posts: 1612; Member since: Jan 16, 2012

FYI, the gamma group corporation, who is in business to provide hacking tools for governments and police, cannot break into silent circle's system that black phone uses. They want to, but can't. Read up about that rogue group at arstechnica.com and see how they just got 40gb of their dirty laundry posted for all to see.

10. DefinitiveKid

Posts: 264; Member since: May 15, 2013

Most boring smartphone ever... and inefficient at that.

7. kkmkk

Posts: 699; Member since: May 06, 2013

on the face .......... dam him .......... wow .... lol :-)

6. JakeLee

Posts: 1021; Member since: Nov 02, 2013

Well, it's Android...

8. tedkord

Posts: 17529; Member since: Jun 17, 2009

That's short for it's the number one choice of consumers by a 4 to 1 margin. No matter how many tears you shed.

12. sprockkets

Posts: 1612; Member since: Jan 16, 2012

He's a mindless troll, ignore him.

14. dexter_jdr

Posts: 1163; Member since: Jun 28, 2012

He has a point though.

15. tedkord

Posts: 17529; Member since: Jun 17, 2009

No, he has an agenda. Two different things.

17. RebelwithoutaClue unregistered

No he hasn't. If you look at iOS for instance, it's always one of the first ones to get hacked at black hat conventions. So his statement is nothing more than his hatred towards Android.

19. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"Well, it's Android..." We know what "Well, it's an iPhone" means: -- That your phone comes with a complete set of backdoor APIs -- That the iOS platform is just closed source security theatre, to the point NSA labels iPhone owners as "iZombies". Security against evil is ultimately the only security that matters. And iPhone offers none, just like every other large phone vendor/platform, including Android, Blackberry, WP.

4. sip1995

Posts: 1771; Member since: Feb 07, 2014

What a shame for the company.....

3. SamDroid unregistered

If the phone was rooted, does that mean it's now insecure? Oh and btw when they say that Blackberry is next, do they mean that they'll root it too? s**t I'm starting to feel like a noob again....

5. BobbyDigital

Posts: 2126; Member since: May 29, 2014

Yes. Rooting the phone would give you all types of permissions that you shouldn't have with that type of phone. I guess the people at Blackphone were a bit too cocky. Another yes. They'll be trying the same with BlackBerry. I'm eager to see if it can be done with a BB10 device.

2. Duketytz

Posts: 534; Member since: Nov 28, 2013

Hahaha I love that T-shirt!

1. sriuslywtf

Posts: 297; Member since: Jul 09, 2013

Ouch... BB FTW

9. _Bone_

Posts: 2155; Member since: Oct 29, 2012

You do realize that every Blackberry phone is being tracked cause... you know, it's a Blackberry and agencies think you must store something valuable on it if you bought one. Digital security is an illusion. A piece of paper kept between your balls is still the only way you'll keep something hidden, that is until you meet the wrong prost...

16. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Further, BB's 'security' model is based on BES, which is server-based. Servers are the foundation for man-in-the-middle hacks, so don't go thinking that BB is the God of security, 'cause it isn't.

18. meanestgenius

Posts: 23090; Member since: May 28, 2014

When it comes to the other OS's out there, they are. BB10 and BES 10 have yet to be hacked. By the way, their entire security model IS NOT based off of BES. There are MANY other things that go into what makes their end to end solution the most secure in mobile.

20. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"When it comes to the other OS's out there, they are. BB10 and BES 10 have yet to be hacked." You are just drinking different kool-aid. Security against "hackers" is worth what? Next to nothing. Because this risk is minimal. A much more substantive risk is falling afoul of someone in government, or someone else influencing government to get something from you that they want, say a piece of property. And governments have complete access to your BB phone and BES data. A well-funded "hacker" is going to go this route and do whatever they want to do, and you may never know.

21. meanestgenius

Posts: 23090; Member since: May 28, 2014

....says the conspiracy theorist.

22. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

How do you think Angela's BB got hacked by the NSA? Please don't whine about how a new version of BBOS is patching past holes in the OS. There are more ways to crack/hack a server than ever. That is why point-to-point encryption has become the accepted gold standard for secure communication in the cryptographic community.

23. meanestgenius

Posts: 23090; Member since: May 28, 2014

Her BBOS7 phone? Right.... As I said BB10 has yet to be hacked, and with the purchase of Secusmart, they have further strengthened their security. Let's be clear ABSOLUTELY NO PHONE is hack proof. But with the steps that BlackBerry has taken with their security measures, ESPECIALLY with BB10, it makes their current line of handsets harder to hack than the rest. No whining necessary. That's a FACT. BB10 HAS YET TO BE HACKED. That's why BlackBerry is the GOLD STANDARD when it comes to mobile security. More governments and security-conscious organizations put their faith and use BlackBerry phones more than any other mobile phone. For those businesses that do not, or use a minimum of BlackBerry mobile phones, they use BES 10 to manage those phones. These are FACTS. You need me to provide links? Just say so....

25. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"As I said BB10 has yet to be hacked, and with the purchase of Secusmart, they have further strengthened their security." BS. They purchased Secusmart so they have complete control over the platform, i.e. can put in whatever backdoors that are required by the NSA and others. True security involves an independent set of checks and balances. Not a single vendor and "trust us". So, while you can get all amped up on the BB Kool-Aid, there is zero security for BB, just like all other major mobile vendors. This is reality. It isn't pleasant, but it is what we all have to live with.

27. meanestgenius

Posts: 23090; Member since: May 28, 2014

....and you OF COURSE, have PROOF of all of this? That this is why BlackBerry made this purchase?

47. hawbman

Posts: 8; Member since: Aug 10, 2014

Check your facts again. It's the Nokia of Merkel that was being hacked.

24. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"....says the conspiracy theorist." Sheesh. Wake up and read the Internet. There are tons of documents about NSA involvement with Blackberry, Apple, Microsoft, etc. And those documents are a tiny subset of everything that is in place today. Maybe it could have been called "conspiracy theory" before Snowden, but now it is factual reality.
