web stats

Blackphone update closes security hole

A vulnerability in a third-party component used by Blackphone could result in an attacker gaining control of the phone’s modem functions.

Researchers stumbled upon an open and accessible socket on the Blackphone during a reverse engineering exercise, said Tim Strazzere, director of mobile research at security software startup SentinelOne.

Blackphone is considered the most secure phone available as it has encryption built-in, providing secure voice calling, text messaging, videoconferencing, and file transfer by default. However, the open at_pal socket would have let attackers send SMS messages or forward incoming calls without the users being aware of what was happening.

SilentCircle has confirmed the vulnerability and patched the flaw. An update including a fix for this bug was released in early December.