A vulnerability that allows an attacker to act as a ‘shell user’ on the first version of SilentCircle’s Blackphone has been discovered by SentinelOne, purveyors of endpoint security. The Blackphone gained notoriety in the security industry for being the only phone that provides users control over app permissions, such as the bundled Silent Phone and Silent Text services that anonymise and encrypt communications so no one can eavesdrop on voice, video and text calls. In speaking with SCMagazine.com, SentinelOne chief security officer Udi Shamir said Silent Circle left an open socket that an attacker could use to communicate with the phone’s modem directly. The flaw only affected the Blackphone 1. SilentCircle’s Blackphone 2 was not impacted by the vulnerability, Shamir said.
View full story
ORIGINAL SOURCE: SC Magazine