The makers of the BlackPhone – a cell phone on the market that offers unusually high levels of security – have fixed one critical vulnerability which allows hackers to execute malicious code on mobile phones.
Attackers only need one from a phone number to send a message that can endanger devices via the Silent Text application.
The defect may have bad effects on BlackPhone as the device is touted for its security, and comes with a price that doesn't justify it errorthe.
Ο hacker Mark Dowd (mdowd) from Australia, co-founder of Azimuth Security, discovered the flaw during duration of a random survey in the last months of 2014. He shared his findings with the Register website, before the bug fix was released – It will be released today.
"Successful exploitation can give remote code execution with the privileges of the Silent Text application, which works like a regular Android application, but with some additional privileges in the system required to send and receive SMS. So the app has access to contacts, location information, it can write to disk, and of course it has access to the network, "Dowd said, noting that it took him about a week to discover the bug.
The defect could also be combined with other exploits to fully control the device.