Marketed as the most secure Android handset available, the BlackPhone wasn’t completely safe from hackers’ attacks, as a recently discovered — and fixed — vulnerability in the phone’s instant messaging application could give them access to encrypted personal data such as messages, contacts and potential control over other “vital functions” of the handset, Ars Technica reports.
The security issue was thoroughly detailed by Azimuth Security, with the company saying that an attacker would only need a Silent Circle ID or phone number to take advantage of the bug. The vulnerability has been fixed by Silent Circle engineers after the company privately alerted them on the matter.
Hackers could have triggered the bug by simply sending a special message, at which point they would have been able to continue the attack in order to obtain access to more sensitive data. Once inside, a hacker could have decrypted messages, read contacts, access location information and even write code or text on the phone’s external storage — exactly the kind of things BlackPhone makers would want to avoid.
Even though this security issue seems to indicate that not even the Android phone designed with privacy and security in mind isn’t completely safe from attackers, it’s not clear whether the bug has actually been exploited by hackers.
A thorough explanation of what could have happened in such BlackPhone attacks is available at the source link.