The "Secure" Blackphone Has Been Rooted!

[DroidModderX]

​

It should be no surprise that the Exploit master Justin Case has rooted the Blackphone. If you haven't heard of the blackphone just know that this is an Android device that runs a custom skinned version of Android with many custom security apps that are meant to make you feel more secure when using your phone. The Blackphone's PrivatOS is so "secure" that SGP Technologies decided to take the phone to Def Con (a hacker expo) to see if anyone could break it.

Jcase has rooted the device, but it was apparently a pretty big challenge. He found 3 vulnerabilities. He was also able to root the device without unlocking the bootloader. With these vulnerabilities Jcase was able to reenable ADB which is disabled by default, then he was able to tinker with the device, and finally gained root access. Jcase decided to report this to the company rather than release the method publicly. For his efforts he received a custom t-shirt! Overall this phone seems to be pretty secure especially now that the aforementioned vulns have been reported to the OEM who will undoubtedly get those patched up quickly.

Via XDA

 

[grenefroggie]

He also took advantage of a vulnerability that was patched with an OTA update. He bought it at or just before DefCon and did not dare hook it up to WiFi and update it.

Basically, he gained root through a security flaw that has already been patched.

Still, awesome work.

 

[swc2001]

I think this stinks when the Black hats use their gifts to help the companies. Very Wrong!!!

 

[grenefroggie]

I think this stinks when the Black hats use their gifts to help the companies. Very Wrong!!!

Not at all. One of Android's biggest critiques is that it is not secure. And honestly, it really is not. So getting professional help in order to do so is not such a bad idea. If you want to test the security of a product, that is exactly what you do: bring it to the people who are most knowledgeable about breaking in to it.

 

[mountainbikermark]

I think this stinks when the Black hats use their gifts to help the companies. Very Wrong!!!

In this day and age where entire religions, nations and any other entity you can think of are bent on the destruction of any technology post stone age, it's going to take a total team effort to thwart their bend on destruction of our way of life.
Granted if it is done for the shiny penny I agree with your statement.

Sent from my LG-D801 using Tapatalk

 

[swc2001]

I am more speaking of patching root holes and making it harder for developers to keep Android Open. I am all for security as long as you can do what ever you want with it, root or otherwise.

 

[GoCliffGo05]

Jcase is notorious for this and Good for him. If he has the skills, which he obviously does, then let him work his magic. I see no fault in what he is doing and I praise it. Don't get me wrong I want open source to remain open and I want freedom in my devices but who are we to scold or tell anyone how to use their talents.

Sent from my XT1060

 

[swc2001]

hmmmm I guess America shouldnt scold terrorist for using their Terrorist Talents... Now that is what is called an Absurdity (my statement that I just made Not yours) I merely made the statement to get a point across, that you shouldnt make absolute statements like you made. ie "but who are we to scold or tell anyone how to use their talents."
And No patching Root Holes is Not a good thing for the consumer!
But if you subscribe to a more socialistic view of things and believe everyone should be equal in every way..... I can see how you might disagree with me.
Oh well this is the Internet after all and I am just text to you and you are just Text to me.
Have a nice day.