Now, that is only part of the equation: even when someone intentionally creates a product to be secure, a mistake or other lapse can leave it just as open as every other device on the market. This is what security researcher Mark Dowd, founder of Azimuth Security, found when he was playing around with a newly purchased BlackPhone. He found that even in a device as secure as the BlackPhone is supposed to be, there was an issue with the SilentText app that could leave users very exposed.
The flaw, which has already been patched, was a memory corruption issue that could allow arbitrary code execution on the target device. This would allow the attacker to do all sorts of bad things, including decrypting text messages, reading contacts, gathering location information, and even writing to storage on the phone. The flaw was serious enough that all an attacker would need is the phone number or Silent Circle ID. The bug appears to exist in all versions of the SilentText app, so it extends beyond the realm of the BlackPhone.
Both Silent Circle and SGP Technologies (makers of the BlackPhone) have an open bug bounty program, which helps them find and quickly fix bugs in their apps and devices. Since their introduction, a total of 37 bugs have been found and fixed in Silent Circle apps, while the BlackPhone has had a total of 25.
We have said it before and we will say it again: there is no such thing as a completely secure product. Be careful out there, even when using supposedly “secure” devices.