Serg Nvns - Fotolia
The Blackphone was supposed to offer more security and privacy than your average smartphone, but I read about a critical modem vulnerability in the device that could allow attackers to hijack a Blackphone. How does this Icera modem vulnerability exploit work, and could this be a common flaw that would affect other mobile devices?
The Blackphone is made by Silent Circle, a secure communications firm based in Geneva, Switzerland, which includes Phil Zimmermann, creator of PGP, amongst its founders. It's aimed at enterprises and individuals who take security seriously; it runs on a hardened Android-based operating system called Silent OS, and it comes with a suite of apps and other privacy tools optimized for security, offering fine-grained control over how installed applications access data and the phone's functions. Yet despite its stripped down code, researchers at the cybersecurity company SentinelOne found a vulnerability in the Blackphone 1.
The vulnerability arose due to an open and accessible socket within the Icera modem used within the phone. A system-level shell with elevated privileges, possibly forgotten debug code, listens on the socket and writes anything that is received from the socket to a port that is being listened to by the radio. This provides direct access to the modem, providing an attacker with a way to remotely control the phone's Icera modem and execute certain functions, such as send or receive SMS messages, make phone calls or kill the modem. To actually exploit the vulnerability, an attacker would install a malicious app that could appear benign to an unsuspecting user, as it would not need to request permission to access the modem. Also, the user would not necessarily be aware of any compromise as any attacker-generated SMS messages would not show in the main Android user interface.
It's unlikely that this specific vulnerability affects any other devices as the Blackphone is probably the only device that uses the Nvidia Icera modem. However, this type of flaw -- a vulnerability in a third-party component -- could easily affect other mobile devices as most are built using a wide array of third-party technologies, such as hardware, drivers and software libraries. A flaw in any component could put the device and user at risk. Security teams need to conduct risk assessment on devices that will be used to process or store sensitive data. With mobile devices, it's particularly important to investigate requests to perform system functions that originate from unexpected or unauthorized sources or processes. The main threat to smartphone security though is still the user. Virtually all vulnerabilities require some form of malware in order to be remotely exploited, so continuous employee security awareness training is essential to drill home the dangers of loading apps from untrusted sources that have not been vetted and approved by IT.
SentinelOne first reported the Icera modem bug at the end of August 2015 through Silent Circle's bug bounty program. It was patched in software version 1.1.13 RC3, released in December. Users can verify their current version under Settings->About Phone->Updates->Check for Updates.
Find out if the Blackphone is really an enterprise-grade device
Learn more about Silent Circle's Blackphone 2
Verizon reports that mobile threats are not a big enterprise security risk
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading