The Blackphone smartphone, a handset that was touted as one of the most secure smartphones in the world, had a vulnerability that could lead to its modem being exploited by attackers, according to researchers from SentinelOne, a cyber-security firm.The smartphone was a joint effort by SilentCircle and Geeksphone, and has since been patched.
As per the researchers, exploiting the vulnerability a hacker could send and receive text messages; dial or connect calls; view phone call status including the phone number dialled; reset APN/SMSC/Power settings; force conference calls with other numbers; mute the modem speaker; force/unforce caller ID settings; force/unforce caller ID settings; find neighbouring cell towers connected to, and register a call forwarding number without letting the Blackphone owner know about it.
The vulnerability was found last year by Tim Strazzere of SentinelOne, and was addressed and accepted by SilentCircle in September and was resolved in a patch released by the company in December. The fix for the CVE -2015-6841 vulnerability come with the PrivatOS v1.1.13 update.
Although the flaw was fixed by the company, it still raises a question about user data security and privacy. This also makes it apparent that all the devices have vulnerability in one way or another – even the most secure device. SentinelOne said it found the Blackphone vulnerability during a training exercise, adding that it would have been very difficult to find or exploit by attackers.
Dan Ford, the Chief Security Officer at Silent Circle in a blog post thanked Strazzere and said the flaw only affects the Blackphone first-gen model with Nvidia Icera modem chip and the open socket used to communicate with it. “Vulnerabilities are inevitable. It is how you react to those vulnerabilities that counts. How does Silent Circle react? We patch vulnerabilities and give credit where credit is due,” he said.