News

Blackphone contained serious privacy breach

By admin
Spread the love

A security researcher has found a vulnerability in the instant messaging client developed by Silent Circle for the BlackPhone. Due to the presence of a so-called confusion-vulnerability type, an attacker can read encrypted messages, among other things.

Researcher Mark Dowd of the firm Azimuth Security discovered the bug in SilentText, an instant messaging client that runs standard on the BlackPhone and is also freely available in the Play Store. Specifically, it concerns a type of confusion vulnerability in libscimp, a component that incorporates the Silent Circle Instant Messaging Protocol for encrypting messages.

By sending a manipulated package to the owner of a BlackPhone, for which information about a telephone number or a Silent Circle ID is sufficient, a memory error occurs. This allows an attacker to decrypt messages on the ‘safe’ mobile phone, request location data, steal contacts or manipulate the settings of a BlackPhone.

Silent Circle would have closed the leak in the libscimp file by now. The company had been tipped off by Dowd about the issue. The researcher has posted an extensive analysis of the problem on his blog.

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory