“Blackphone, touted as the world’s most secure Android phone, has reportedly been hacked in less than five minutes,” Internatioanl Business Times reports. “This feat was accomplished at the recent DefCon hacking conference, by @TeamAndIRC, who are said to have obtained root access in under five minutes.”
“Blackphone is the brainchild of Geeksphone and Silent Circle, and the Android phone is designed to provide data security services, based on Google’s Android Open Source Project (AOSP),” IBT reports. “Blackphone runs on a modified Android OS version termed ‘PrivatOS’ that is forked from Android 4.2 Jelly Bean, to provide multiple security tools/options.”
Read more in the full article here.
MacDailyNews Take: “The world’s most secure Android phone.” A new classic.
[Thanks to MacDailyNews Readers “Fred Mertz,” “Laurie,” and “Dan K.” for the heads up.]
Related articles:
Test proves Apple iPhone users are smarter than those who settle for other handsets – January 2, 2014
Surveillance companies hate Apple’s impenetrable iPhones, iPads; Android infinitely more exploitable than iOS – August 12, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
With iOS 8, Apple makes iOS even more secure ahead of smartphone security competition – June 10, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010
Android: Open in all the wrong ways…
It is the most secure.
Other Android phones were hacked in 30 seconds.
Well at least the Blackphone didn’t hack the user like the Amazon with its 4 user facing cameras!
The word oxymoron comes to mind, for some reason
Is there such a thing as a oxymoronic sentence?
If there is, we have surely witnessed a flood of them at MDN…if one were to subtract the ‘oxy’ part, at least 🙂
Yup!
“We’re from the government and we’re here to help?”
Of course one would have to compare that with the world’s most insecure Android Phone to see if there is a difference.
Reminds me of what I once read about Windows security, that is was like an unlocked car in a parking lot with the windows rolled down and a sign on the windshield saying “please don’t steal me.”
Hence MDN’s “a new classic.”
like deafening silence?
Or little giants?
Or Surface ‘laptop’?
No matter how much you claim android is insecure, the truth is that nobody is able to stole money from an android user… Because android users are poor and don’t have a penny 🙂
Well, in fact, they do get robbed at least one.. When they brought their iPhone wannabe.
Troy, you’re cracking me up.
To be fair, they didn’t say that makes it real secure.
By comparison, does anyone know how an iPhone would do (or has done)?
Here is my guess, prior to showing up at DefCon it took them quite a while to find a way to get root access. Then when they arrive showing their skills they took five minutes to do what probably took them months to figure out.
Really folks, you think someone just walks in decides to root a device then does it under five minutes? Please.
Rooting Android? Yes. Done in 30 seconds or less. By many. To root the “SecureAndroid”tm phone probably took them 4 minutes to figure out and one minute to actually pown it.
That is what the Safari and OS X winners have always said: They discovered the hole some time ago and then perfected a way to abuse it, then instead of reporting it to the company, they waited to reveal it at the conference.
Yes. This is the way it’s always been.
The hacker group chooses a high profile target that will get them lots of short term fame and their names reported on lots of sites. They then spend weeks or months finding a way to hack that target. Finally, they show up at one of these events and demonstrate their hack within minutes. The press then reports that the famous platform has been hacked in under XX minutes.
As I see it, the biggest issue here is that the Blackphone is specifically designed to be *much* more secure than any other Android phone. It has a specifically modified Android OS to make it more secure. It’s not supposed to be hacked even with considerable effort. Unless it took that team *several* months to hack the Blackphone, the implementation is a failure.
The reality is no smartphone is 100% secure, not even the iPhone. There are specific smartphone implementations used by certain small groups within the U.S. Government that have phones tested and approved by the U.S. NSA that are virtually hackproof, but it is recognized by those organizations that even those phones are not 100% hackproof — just that hacking them will take a State Actor a couple years or more to get into them.
It will be very interesting to read over the next couple of days about the details of this Blackphone hack, how difficult or easy it was to find and implement, how remotely can it be implemented (hacks where you have to have physical access to the phone shouldn’t count, but something that can be implemented over a cellular connection is really scary), and just what level of control the hacker actually has (saying “root access” or “shell access” is far too nebulous a term to really mean anything).
It doesn’t matter how long it took them to figure out the hack, it only matters how long it takes to apply the hack.
This is where your statement “no phone is 100% secure” misses the point. The question is “Is it so easy to hack a phone that it is economically beneficial for hackers?”. The answer to this is either “yes” in which case hackers will mount sustained automated attacks, or “no” in which case an exploit is unlikely to be actually used in most cases.
No car is secure, but if it takes an hour to get into your car it is very very safe. If it takes a few minutes and you have valuables in it? Not so safe.
True, but when your car is built, it is forever that secure. With technology, updates can render your year of research into an exploit null and void. That’s the point of concern for Android devices never receiving updates from their carriers. The Android devices are more like your car example.
The world’s most secure Android phone is one that has been crushed.
Steamroller baby!
“World’s most secure android phone”,
is like
World’s tallest midget!
Sorry i have to disagree.
Midgets are capable of being a benefit to society. They are able to live honestly without stealing. They are able to survive the day without breaking down or needing resetting. They can be attractive. They are as valuable as any designed human.
But we get your point
And we get your point. Android has no benefit on society. Very nice. 🙂
Obviously this level of security will earn Android high marks in enterprise as door stops and circular file fillers.
Not to mention handy paperweights to stop documents blowing off a desk when a window is opened.
especially that wooshing sound as the windows crashes and needs to be rebooted, again……
i like what you did there with the windows thing…. had to add
Where are the android trolls, hmmm ?
Care to comment Altman ?
Good entertainment.
While security is of paramount importance, No device is totally secure. And, you shouldn’t worry if it is or not.
Sensible security practices start at home.
1 Have a good passcode
2 Use it.
From the article
“Hackers declared at the Black Hat security conference that they discovered two security issues in Blackphone’s security mechanism.
One issue was exploited by gaining access to the Android Debug Bridge (ADB), and the other issue was exploited by executing a chain of commands to obtain confidential data, by obtaining shell access.
However, the second issue has reportedly been fixed, and the first issue regarding opening up ADB is reportedly not a vulnerability, and the ADB was earlier closed (disabled) to prevent bugs.”
Translation: cannot happen to an up to date Blackphone in the real world. This is similar to supposed compromises of Macs that required physical access to the hardware yet were trumpeted as software vulnerabilities.
A non issue. The truth matters, people.
Your argument is fundamentally flawed as you assume that hardware access isn’t possible.
What is important is: if I steal (err .. find) the device, can I take it back to my lab where I have all my debug equipment and get the device to enter developer mode by somehow hacking the serial command interface and rooting the phone.
The next question is whether or not the data on the phone is encrypted and the certificates on the phone to decrypt the data can’t be hacked.
The point is that most posters read the headline, accepted it as gospel truth and went on. The truth is that the means by which the supposed hacker compromised the phone was by turning on a feature that is turned off on the Blackphone and the other by an already patched flaw.
Blackphone patched the flaw in 3 days- not bad compared to how long Apple has left publicly known flaws exposed on Mac and iOS devices in the past.
I am not a Blackphone user and am not an Android apologist, but the story played fast and loose with the facts.
The comment regarding physical access was a reference to the fact that if one has physical access to any currently sold consumer operating system it can be compromised. If your hack requires physical access it is not the same kind of concern as a vulnerability through the wireless network.