Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Privacy

Encrypted Blackphone Patches Serious Modem Flaw (threatpost.com) 27

msm1267 writes: Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device's modem and perform any number of actions. Researchers at SentinelOne discovered an open socket on the Blackphone that an attacker could abuse to intercept calls, set call forwarding, read SMS messages, mute the phone and more. Blackphone is marketed toward privacy-conscious users; it includes encrypted messaging apps such as SilentText and Silent Phone, and it runs on a customized, secure version of Android, called PrivatOS.
This discussion has been archived. No new comments can be posted.

Encrypted Blackphone Patches Serious Modem Flaw

Comments Filter:
  • by Gravis Zero ( 934156 ) on Thursday January 07, 2016 @03:51AM (#51254161)

    Baseband processors (aka modems) have been the greatest technical weakness in cellphones since the dawn of SIM cards. They operate independently of the primary CPU and still crash when fuzzed and yet still have DMA lines to your RAM. Perhaps the bigger problem is how absurdly complex the ever growing number of protocol standards there are for baseband processors.

    • by xarragon ( 944172 ) on Thursday January 07, 2016 @09:29AM (#51255243)

      The exploit is not in the baseband; it is a local socket on the phone accessible by apps with no special privileges (as far as I can tell).

      Phil Zimmerman gave a talk on the Blackphone at Defcon 22:
      DEF CON 22 How To Get Phone Companies To Just Say No To Wiretapping [youtube.com]

      I have transcribed this from the time 26:10 in the video:
      26:10 Question from audience member:
              Hi, so traditional phones are dependant on the baseband processor,
              which has a whole lot of flaws depending on the protocols that they
              are using. What are you doing to mitigate baseband processor factors?

              Zimmerman:
              Yeah, that is a good question. We had a meeting at Nvidia, because
              Nvidia makes the chipsets that we are using for Blackphone.
              And Nvidia had apparently aquired a company a while back that
              made a baseband processor. It was built around a software defined
              radio.

              And I asked them that questiom; Can we do an independant security
              review for the for firmware for the baseband processor.
              And they said they would be open to that.

              In fact, they were delighted to have a customer expressing interest
              in really taking a close look at their baseband processor;
              no other customer had ever brought up the question before.

              You know, no other customer is as obsessive over it as we are.

      I guess they should have spent some time looking at their own stuff rather than other people's code in this case.

      • I guess they should have spent some time looking at their own stuff rather than other people's code in this case.

        Yeah, really. I would have thought that a product being advertised has having such comprehensive security would have each firmware release candidate thoroughly tested for such things under a variety of situations. Having missed an open port listening for traffic, even if it's only in the internal environment, doesn't give me a lot of confidence that there aren't other problems to be found.
        • by swb ( 14022 )

          How can they possibly be expected to keep up with the latest trends in user interface graphic design if they spend their resources on complex and time-consuming security reviews? We need to rev this sucker every 9-12 months with new GUI designs to keep it fresh and relevant. UI experts are finding new and improved ways to do familiar tasks based on the latest trends in all-white backgrounds, small type, big buttons and the latest in little spinning widgets that show you how hard your phone is working.

          If w

  • Neo900 phone (Score:4, Interesting)

    by Anonymous Coward on Thursday January 07, 2016 @03:57AM (#51254169)

    The Neo900.org phone deliberately uses a CPU that does not have a modem built into it. The modem is a separate chip, and there is a watchdog chip that instantly resets it if it tries to do anything when supposed to be off.

    • by jonwil ( 467024 )

      Its also physically impossible for anyone to remotely activate the microphone on the Neo900 or remotely steal audio (all audio that gets sent to the modem goes via the AP and some still-being-written open source userspace blobs (which I happen to be involved with in a limited way)

      • Its also physically impossible for anyone to remotely activate the microphone on the Neo900 or remotely steal audio

        unless there is a switch that you have to manually flip to connect and disconnect the microphone, you don't understand what "physically impossible" actually means.

    • Re: Neo900 phone (Score:4, Interesting)

      by bill_mcgonigle ( 4333 ) * on Thursday January 07, 2016 @05:07AM (#51254303) Homepage Journal

      Reportedly they've gotten PayPal to cripple that project. [neo900.org]

      • Looks pretty much like someone thought that they'd be buying a phone and complained to PayPal when they didn't get one and then PayPal treat it like any old eBay auction dispute.

    • The Neo900.org phone deliberately uses a CPU that does not have a modem built into it. The modem is a separate chip

      this is the case with almost all cellphones.

      and there is a watchdog chip that instantly resets it if it tries to do anything when supposed to be off.

      that's interesting but far from bullet-proof. the modem chip they are using, yep, made and programmed by gemalto. basically, it's security is only a smidgen better than every other cellphone on the market.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        From their FAQ:
        http://neo900.org/faq

        Isn't a non-free baseband firmware a privacy issue?

        We're going to address privacy concerns of non-free modem firmware by ensuring that the modem has access to no more data than absolutely necessary, so it won't be able to spy on anything that's not already available on carrier side. On Neo900 one can be sure that the modem is actually turned off when requested, not just pretending to be. Users will be notified in case of the modem wanting to do something without their con

    • From what I'm reading on their web post about the issue, it seems like there might be *ulterior motives* to PayPal blocking Neo900 from getting their funds to run business as usual.

      Probably because the tech inside the phone (modem separated from CPU and cannot be remotely activated whatsoever) poses a real danger to surveillance efforts from the US government, at least.

      This is, of course, all speculation with a dash of paranoia. Maybe it is just some technicality that will be resolved in short order.

Utility is when you have one telephone, luxury is when you have two, opulence is when you have three -- and paradise is when you have none. -- Doug Larson

Working...