Serious vulnerability discovered in 'secure' Blackphone

Silent Circle scrambles to fix full-compromise flaw in device.

The manufacturer of the secure Blackphone smartphone has issued a patch for a newly discovered vulnerability that allows attackers to compromise devices through the phone's messaging application.

Founder of security consultancy Azimuth Security, Mark Dowd, today published details of what he called a "serious memory corruption vulnerability" within the Blackphone's bundled Silent Text application.

The flaw allows attackers to run malicious code on the Blackphone - which has been marketed as the first consumer-grade handset purely focused on security and privacy - without obtaining any more details than a phone number or the user's ID.

Dowd said he discovered the flaw during general research late last year. He said he also found that, if coupled with a privilege escalation exploit, the flaw could be used to take control of the device.

The flaw - a type confusion vulnerability - exists in the Silent Circle instant messaging protocol (SCIMP) library, which in conjunction with the Silent Text messaging app allows users to send and share encrypted text messages and files.

The vulnerability "allows an attacker to directly overwrite a pointer in memory (either partially or in full), which when successfully exploited can be used to gain remote, unauthenticated access to the vulnerable device", Dowd wrote.

Attackers would be able to decrypt messages, write to external storage, read contacts, access location information, and run additional code of their choosing, he said.

Patches have been issued for both app store and product updates.

Dr. Daniel Ford, Silent Circle chief security officer, said Dowd's findings were an example of "great research" and the company was "extremely appreciative of his efforts".

"We have since patched that vulnerability and are pleased that Mr. Dowd agrees it has been resolved by an update to the application," Ford wrote.

"Silent Text v1.8 contains the update to address this vulnerability; in order to ensure your client is not vulnerable, please download version 1.8 from the publicly available app stores if you have not already done so.

"At this time there are no known publicly available exploits that would be capable of taking advantage of the vulnerability reported by Mr. Dowd."

The Blackphone launched last year, aimed at security-conscious smartphone users concerned about the safety of their communications in the wake of the Snowden revelations. It provides encryption and other privacy features for calls, texts, emails and web browsing.

Copyright © iTnews.com.au . All rights reserved.