Vulnerability puts users of privacy-focused Blackphone at risk
Blackphone is marketed as the most secure Android phone available so it's bad news that researchers at endpoint protection specialist SentinelOne have uncovered a vulnerability in the Blackphone One that would allow some of the phone’s protection features to be bypassed.
The vulnerability means that apps could be installed without asking for permissions, so they could access features and information on the phone without the user’s knowledge.
Among things the vulnerability would permit are, sending and receiving text messages without the user’s knowledge, checking the state of phone calls silently (what number the call is connected to and was it incoming or outgoing), and forcing conference calls with other numbers.
SentinelOne's director of mobile research Tim Strazzere says, "The issue lets you talk directly to the modem at the firmware level, so Android doesn't know what's going on. This also means that the user wouldn't know if, for example, call forwarding had been set up".
The vulnerability arises through a socket that has been left open and accessible on the Blackphone. Although it hasn't been seen in the wild it could be exploited using a malicious app.
Once SentinelOne had validated its findings it reported them to SilentCircle, Blackphone's parent company, and it has now been fixed via SilentCircle’s bug bounty program.
Strazzere notes on the SentinelOne blog, "This vulnerability illustrates the breadth and depth of the attack surface on this and other devices. It also raises some important considerations for security professionals. First, even the most 'secure' systems can be vulnerable to attacks. Second, the increasing proportion of third party technology (hardware, drivers, software libraries, etc.) used in today’s devices makes detecting and remediating flaws more difficult than ever. And finally, virtually all vulnerabilities require some form of malware in order to be remotely exploited. Monitoring processes on a device can provide an important layer of detection and response when apparently legitimate requests to perform system functions originate from anomalous sources".