The BlackPhone, a mobile device marketed as a super secure phone, has just had to be patched to fix a vulnerability that allowed hackers to compromise the devices.
The malicious code was able to attack the devices through nothing more than the Silent Text application.
The BlackPhone is a target for hackers, who view its owners as high-profile victims because they paid around $630 for the device's security features. People willing to pay this much for a phone must have calls and messages that they want to keep secure.
Mark Dowd (@mdowd), the well-known Sydney hacker and co-founder of Azimuth Security, found the flaw towards the end of 2014; BlackPhone was developing the fix at the time. Dowd noted that hackers who exploited the vulnerability could remotely control the device.
It took Dowd a week to find the flaw. He has reported vulnerabilities before, such as one he discovered in the third-party ZRTP library used in the Silent Phone app in 2013. He was interested in the marketing of the Silent Suite apps and took to researching them further.
The Silent Suite encrypts phone calls and messages to keep out eavesdroppers conducting mass surveillance. Dowd wanted to know how effective the apps would be against targeted attacks. His discovery shows that the vulnerability in Silent Text lay in the Silent Circle Instant Messaging Protocol (SCIMP) library, which is what encrypts your messages.
BlackPhone and its Silent Text app were created at a time when there was a major uprising against global spying in the post-Snowden WikiLeaks era. While it remains unclear how many BlackPhones have been sold and are in use right now, it is known that the Silent Text app has had over 50,000 downloads.