HITB2016AMS

Exploiting Silent Circle's Secure Blackphone

http://www.eweek.com/imagesvr_ce/7441/290x195blackphone.jpg

The highly secure device could have been exploited, were it not for the responsible disclosure by a security researcher.

Any modern device is made up of multiple hardware and software components, any one of which could represent a potential risk. That's a reality that secure mobile phone vendor Silent Circle has learned with its Blackphone, thanks to the responsible security disclosure from Tim Strazzere, director of mobile research at SentinelOne.

Strazzere found that there was a misconfigured driver for an Nvidia Icera modem that could have potentially enabled an attacker to exploit the Blackphone and its users. Silent Circle has already patched the issue, and there are no reports of any user being exploited by the vulnerability. The issue also only impacted the first generation of the Blackphone, which has been superseded by the Blackphone 2, which does not use the same modem.