Black Phone contained serious privacy leak




A security researcher has discovered a vulnerability in the instant messaging client developed by Silent Circle for the Black Phone. Because of a so-called type confusion vulnerability, an attacker can, among other things, read encrypted messages.

Researcher Mark Dowd of security firm Azimuth Security discovered the bug in Silent Text, an instant messaging client that runs natively on the Black Phone and is freely available in the Play Store. Specifically, it is a type confusion vulnerability in libscimp, the component that implements the Silent Circle Instant Messaging Protocol for encrypting messages.

Sending the owner of a Black Phone a manipulated packet, for which knowing a phone number or Silent Circle ID is sufficient, causes a memory error. This allows an attacker to, among other things, decrypt messages on the “safe” mobile, retrieve location data, steal contacts or manipulate the settings of a Black Phone.

Silent Circle is said to have since closed the leak in the libscimp file. The company was tipped off by Dowd about the problem. The researcher has published a detailed analysis of the problem on his blog.

