Silent Circle's Blackphone Was at Risk From Vulnerability


We live in a world where our smartphones and online accounts are some of the primary ways we communicate with each other. That's all fine and well, but these devices and services rely on data and servers that are outside of our control, and for a couple of years now there's been a big question mark hanging over just how safe they are. This has led to specialist devices such as the Silent Circle Blackphone and Sikur's Granitephone. In this latest vulnerability report, it seems that not even devices like the Blackphone are 100% secure.

A pretty serious vulnerability in the original Blackphone, one that could lead to a total takeover of the phone, was discovered and published on the Sentinel One blog. The main culprit appears to be the NVIDIA Icera LTE modem, coupled with an open socket pointing to the modem. It was then discovered that, without the user's knowledge, such a vulnerability could lead to changing call forwarding settings, adding another number to an ongoing call, and sending a text without Android even showing a UI popup or feedback. Vulnerabilities are found in operating systems and devices all the time, but it's what happens next that determines whether something becomes a threat or not. This new find was assigned the identifier CVE-2015-6841 and fixed in the PrivatOS 1.1.13 update to the phone. Dan Ford, Chief Security Officer for Silent Circle, said that vulnerabilities were inevitable and that it's how you react that's the big deal. He then went on to say, "How does Silent Circle react? We patch vulnerabilities and give credit where credit is due".


This sort of thing shouldn't come as too much of a surprise. After all, there's a whole industry of white hat hackers out there looking for bugs and holes to crack open and then sell to the manufacturer for a profit. Big names like Google practically encourage it, and so far it's been working fairly well. Sentinel One published a timeline from when the vulnerability was found, in August of last year, to when it was officially patched, in December of last year. That's a pretty slow turnaround to be honest, but it wasn't until the second week of September that it was given a CVE classification. Regardless, this is a good example of how to patch vulnerabilities the right way; it's just a shame Silent Circle weren't quicker.


Copyright ©2016 Android Headlines. All Rights Reserved.
