CYA LTR, Ultra-Secure BlackPhone Foiled By Simple SMS Bug
Last January, some six or so months after Edward Snowden exposed much of the NSA's shady behavior to the world, a smartphone was announced that promised unparalleled levels of security. Called BlackPhone, we followed-up a month later to provide a price, $629, and some specs. Quad-core, 2GB of RAM, 16GB storage... all standard fare for a good phone.
Given the promises of BlackPhone, it goes without saying that most of its owners would feel truly secure while using their device - and yes, I'd say that they would have definitely had an advantage security-wise versus using a regular phone. But, what we see reassured today is that nothing tech-wise is bulletproof, even if it's touted as such.
In fact, it could be that just one glitch in a security pipeline that renders the rest of it useless. We see an example of that here with the BlackPhone, although owners shouldn't have too much to fuss over: it seems the bug was squashed before it became public knowledge.
Still, the issue is alarming. Due to a bug that resided in BlackPhone's instant messaging application, attackers needed nothing other than a Silent Circle ID or phone number to trigger the bug remotely. At that point, various functions of the phone could be accessed, as well as contacts and messages read. Data could even be written back to the phone, if desired.
Regardless of how fast this bug was patched, that kind of vulnerability is truly scary, especially for a device that focuses solely on keeping its users secure. It's hard to say at this point if users will continue to put their utmost trust in BlackPhone, but unless Boeing decides to release its super-secure phone to consumers (it won't), it remains the best option.