Blackphone, which is special made with the concerns for users privacy and claimed to be the most secure phone and also called as
NSA-Proof has just got rooted within 5 minutes at the ongoing BlackHat Security conference.
Researcher with the twitter handle @TeamAndIRC have tweeted the
claim report for rooting the Blackphone. Researcher have rooted the phone in a simple way that he didn't need to unlock the device bootloader also. The hacker even mocked Blackphone’s team by saying that “It is apparent no one ran CTS [compatibility test suite] on this device.”
Blackphone is a venture by Silent Circle and Geeksphone, and it is designed to provide a suite of secure services running on a fork of the Android Open Source Project (AOSP). Called PrivatOS, it is meant to provide a consumer level access to secure options that protect personal data from being leaked to third parties.The ultra secure smartphone which promise to give the strong security to the users privacy was basically a bundle of some secure service which was running on the base of Android operating System.
On twitter account researcher points out three Blackphone hacks-
- USB debugging/dev menu removed, open via targeted intent
- Remotewipe app runs as system, and is debuggable, attach debugger get free system shell
- System user to root, many available
Researcher also mentioned that the exploit leads to the root privilege has been patched and other remaining exploit need direct users permission. But it was a nasty situation that the most secure Android phone had a such type of security and the security claim was just a suite of a secure service.
