Blackphone contained serious privacy flaw
A security researcher has found a vulnerability in the instant messaging client that Silent Circle develops for the BlackPhone. Due to a so-called type confusion vulnerability, an attacker can, among other things, read encrypted messages.
Researcher Mark Dowd of the firm Azimuth Security discovered the bug in SilentText, an instant messaging client that ships as standard on the BlackPhone and is also freely available in the Play Store. Specifically, it is a type confusion vulnerability in libscimp, the component that implements the Silent Circle Instant Messaging Protocol used to encrypt messages.
By sending a crafted message to the owner of a BlackPhone, for which knowing the target's telephone number or Silent Circle ID is sufficient, an attacker triggers a memory corruption error. This allows the attacker to decrypt messages on the 'secure' phone, request location data, steal contacts or manipulate the settings of the BlackPhone.
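To make the vulnerability class concrete, here is an added illustration of what a type confusion bug in a message decoder looks like and how the check that prevents it reads. This is constructed example code, not libscimp's code, and the message kinds, wire format and function names are invented; only the general pattern (a decoder that hands a tagged union to a handler that never checks the tag) corresponds to the class of bug described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of a type confusion bug in a message decoder.
 * This is NOT libscimp's code or wire format; names and layout are invented. */
enum msg_kind { KIND_TEXT = 1, KIND_KEY = 2 };

struct text_msg { uint16_t len; char body[32]; };
struct key_msg  { uint8_t key[32]; };

struct msg {
    enum msg_kind kind;                               /* tag set by the decoder */
    union { struct text_msg text; struct key_msg key; } u;
};

/* Constructed wire format: byte 0 = kind.
 * TEXT: byte 1 = length, bytes 2.. = body.  KEY: bytes 1..32 = key. */
static int decode_packet(const uint8_t *pkt, size_t n, struct msg *out)
{
    if (n < 1) return -1;
    memset(out, 0, sizeof *out);
    switch (pkt[0]) {
    case KIND_TEXT:
        if (n < 2 || pkt[1] > n - 2 || pkt[1] > sizeof out->u.text.body) return -1;
        out->kind = KIND_TEXT;
        out->u.text.len = pkt[1];
        memcpy(out->u.text.body, pkt + 2, pkt[1]);
        return 0;
    case KIND_KEY:
        if (n < 1 + sizeof out->u.key.key) return -1;
        out->kind = KIND_KEY;
        memcpy(out->u.key.key, pkt + 1, sizeof out->u.key.key);
        return 0;
    default:
        return -1;
    }
}

/* VULNERABLE: never checks m->kind. Handed a KEY message, it reads
 * u.text.len and u.text.body on top of the raw key bytes, so key material
 * is copied out as if it were chat text. A decoder that also trusts the
 * overlaid length field reads out of bounds; this demo clamps the length
 * so it stays memory-safe while still showing the confusion. */
static int render_text_unchecked(const struct msg *m, char *dst, size_t dstlen)
{
    size_t len = m->u.text.len;
    if (len > sizeof m->u.text.body) len = sizeof m->u.text.body;
    if (len > dstlen) return -1;
    memcpy(dst, m->u.text.body, len);
    return (int)len;
}

/* HARDENED: validate the tag before touching any union member, then bound
 * the length by both the struct member and the destination buffer. */
static int render_text_checked(const struct msg *m, char *dst, size_t dstlen)
{
    if (m->kind != KIND_TEXT) return -1;              /* the check the vulnerable path lacks */
    size_t len = m->u.text.len;
    if (len > sizeof m->u.text.body || len > dstlen) return -1;
    memcpy(dst, m->u.text.body, len);
    return (int)len;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t SAMPLE_TEXT_PKT[] = { KIND_TEXT, 5, 'h', 'e', 'l', 'l', 'o' };

static void make_sample_key_packet(uint8_t pkt[33])
{
    pkt[0] = KIND_KEY;
    for (int i = 0; i < 32; i++) pkt[1 + i] = (uint8_t)(0x08 + i);   /* stand-in for key bytes */
}

/* Legitimate TEXT packet through the hardened handler: returns 5 ("hello"). */
int demo_text_roundtrip(void)
{
    struct msg m; char out[64];
    if (decode_packet(SAMPLE_TEXT_PKT, sizeof SAMPLE_TEXT_PKT, &m) != 0) return -1;
    int n = render_text_checked(&m, out, sizeof out);
    return (n == 5 && memcmp(out, "hello", 5) == 0) ? n : -1;
}

/* KEY packet through the unchecked handler: returns how many rendered "text"
 * bytes are really key material (30 on any endianness: body overlays key[2..31]). */
int demo_confusion_unchecked(void)
{
    uint8_t pkt[33]; struct msg m; char out[64];
    make_sample_key_packet(pkt);
    if (decode_packet(pkt, sizeof pkt, &m) != 0) return -1;
    int n = render_text_unchecked(&m, out, sizeof out);
    if (n < 30) return n;
    return memcmp(out, pkt + 3, 30) == 0 ? 30 : 0;
}

/* Same KEY packet through the hardened handler: rejected with -1. */
int demo_confusion_checked(void)
{
    uint8_t pkt[33]; struct msg m; char out[64];
    make_sample_key_packet(pkt);
    if (decode_packet(pkt, sizeof pkt, &m) != 0) return -2;
    return render_text_checked(&m, out, sizeof out);
}

int main(void)
{
    printf("text roundtrip: %d\n", demo_text_roundtrip());
    printf("key bytes leaked by unchecked handler: %d\n", demo_confusion_unchecked());
    printf("hardened handler result: %d\n", demo_confusion_checked());
    return 0;
}
```

The defensive point is the single comparison at the top of `render_text_checked`: every handler that consumes a tagged union must verify the tag itself rather than rely on the caller or the sender having got it right, and length fields read from the union must be bounded only after that tag is confirmed.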
Silent Circle has reportedly since fixed the flaw in libscimp. The company had been tipped off about the issue by Dowd, who has posted an extensive analysis of the problem on his blog.