The "Secure" Blackphone Has Been Rooted!

Discussion in 'Android News' started by DroidModderX, Aug 15, 2014.

  1. DroidModderX

    DroidModderX DF Super Moderator Staff Member Premium Member

    Joined:
    Oct 6, 2011
    Messages:
    2,473
    Likes Received:
    595
    Trophy Points:
    178
    Ratings:
    +607
    [​IMG]

    It should be no surprise that the Exploit master Justin Case has rooted the Blackphone. If you haven't heard of the blackphone just know that this is an Android device that runs a custom skinned version of Android with many custom security apps that are meant to make you feel more secure when using your phone. The Blackphone's PrivatOS is so "secure" that SGP Technologies decided to take the phone to Def Con (a hacker expo) to see if anyone could break it.

    Jcase has rooted the device, but it was apparently a pretty big challenge. He found 3 vulnerabilities. He was also able to root the device without unlocking the bootloader. With these vulnerabilities Jcase was able to reenable ADB which is disabled by default, then he was able to tinker with the device, and finally gained root access. Jcase decided to report this to the company rather than release the method publicly. For his efforts he received a custom t-shirt! Overall this phone seems to be pretty secure especially now that the aforementioned vulns have been reported to the OEM who will undoubtedly get those patched up quickly.

    Via XDA
     
    • Like Like x 1
  2. grenefroggie

    grenefroggie DF Super Moderator Staff Member

    Joined:
    May 18, 2011
    Messages:
    364
    Likes Received:
    161
    Trophy Points:
    83
    Ratings:
    +173
    He also took advantage of a vulnerability that was patched with an OTA update. He bought it at or just before DefCon and did not dare hook it up to WiFi and update it.

    Basically, he gained root through a security flaw that has already been patched.

    Still, awesome work.
     
  3. swc2001

    swc2001 Active Member

    Joined:
    Feb 12, 2012
    Messages:
    269
    Likes Received:
    54
    Trophy Points:
    28
    Ratings:
    +54
    I think this stinks when the Black hats use their gifts to help the companies. Very Wrong!!!
     
  4. grenefroggie

    grenefroggie DF Super Moderator Staff Member

    Joined:
    May 18, 2011
    Messages:
    364
    Likes Received:
    161
    Trophy Points:
    83
    Ratings:
    +173
    Not at all. One of Android's biggest critiques is that it is not secure. And honestly, it really is not. So getting professional help in order to do so is not such a bad idea. If you want to test the security of a product, that is exactly what you do: bring it to the people who are most knowledgeable about breaking in to it.
     
  5. mountainbikermark

    mountainbikermark DF Super Moderator Staff Member Premium Member

    Joined:
    Sep 5, 2010
    Messages:
    3,750
    Likes Received:
    802
    Trophy Points:
    258
    Ratings:
    +826
    In this day and age where entire religions, nations and any other entity you can think of are bent on the destruction of any technology post stone age, it's going to take a total team effort to thwart their bend on destruction of our way of life.
    Granted if it is done for the shiny penny I agree with your statement.

    Sent from my LG-D801 using Tapatalk
     
  6. swc2001

    swc2001 Active Member

    Joined:
    Feb 12, 2012
    Messages:
    269
    Likes Received:
    54
    Trophy Points:
    28
    Ratings:
    +54
    I am more speaking of patching root holes and making it harder for developers to keep Android Open. I am all for security as long as you can do what ever you want with it, root or otherwise.
     
  7. GoCliffGo05

    GoCliffGo05 Developer Relations Staff Member Premium Member

    Joined:
    Aug 16, 2012
    Messages:
    2,854
    Likes Received:
    335
    Trophy Points:
    148
    Location:
    Maryland
    Ratings:
    +335
    Jcase is notorious for this and Good for him. If he has the skills, which he obviously does, then let him work his magic. I see no fault in what he is doing and I praise it. Don't get me wrong I want open source to remain open and I want freedom in my devices but who are we to scold or tell anyone how to use their talents.

    Sent from my XT1060
     
  8. swc2001

    swc2001 Active Member

    Joined:
    Feb 12, 2012
    Messages:
    269
    Likes Received:
    54
    Trophy Points:
    28
    Ratings:
    +54
    hmmmm I guess America shouldnt scold terrorist for using their Terrorist Talents... Now that is what is called an Absurdity (my statement that I just made Not yours) I merely made the statement to get a point across, that you shouldnt make absolute statements like you made. ie "but who are we to scold or tell anyone how to use their talents."
    And No patching Root Holes is Not a good thing for the consumer!
    But if you subscribe to a more socialistic view of things and believe everyone should be equal in every way..... I can see how you might disagree with me.
    Oh well this is the Internet after all and I am just text to you and you are just Text to me.
    Have a nice day.
     
    • Like Like x 1