Blackphone Rooted at Annual DefCon

At this year’s Defcon hacker conference, security researchers at the engineering group TeamAndIRC proved that the Blackphone, developed by SGP Technologies, could be rooted and cracked in less than five minutes by exploiting a crack in the Android Debugger Kit’s code. *updated below


You’ll remember several months ago when we first reported on the development of Blackphone, which was put together and programmed by two leaders in the industry who set out to develop the most secure, encrypted device that could be used to communicate over many of the most popular cell phone carriers including Verizon, AT&T, Orange, and O2.

Technically, the hack wasn’t based on an exploit of weak code, rather a hole that was discovered in the debugger that developers can access when programming new applications for the heavily secured device.

Blackphone was surprisingly appreciative towards the team for bringing the issue to their attention, taking to the crowd publication site Medium to thank the engineers who discovered the debug and explain in detail what they expect to do to patch the problem in the next few days.

According to @TeamAndIRC there were three issues discovered. The first one is that he was able to get ADB turned on. Turning ADB on is not a vulnerability as this is part of the Android operating system. We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming. His second discovery is accurate and here is the point I want to stress to the community. We found this vulnerability on July 30, had the patch in QA on July 31, and the OTA update released on August 1. That is pretty fast, no?


Photo: Justin Case / Twitter

No one is quite sure what this means for the profit potential of Blackphone, which launched last month to tepid results across the board, but we can be certain that their reaction to the news will be far better for the company than the hack itself. Their quick, concise, and informed response shows that the team of engineers behind the device are dedicated to the security of its users’ information first and foremost, and while the margins of their accounting department aren’t going to be tossed entirely by the wayside, it’s refreshing to see a company concerned about their customer first, and the bottom line in a somewhat-distant second.

BlackBerry has already pounced on the opportunity, as the company has been struggling to maintain their former dominance both with the consumer and enterprise set. RIM’s phones used to be the go-to option for high end business professionals who needed to protect the latest news on mergers and acquisitions, as well as government employees who needed the most secure, least penetrable solutions to keep their classified data safe while on the move.

Now solutions like the Blackphone and Samsung’s Knox platform have started to move in on that market, circling the already-strained former mobile giant while the scent of blood only grows stronger in their part of the water.

Whether or not Blackberry will make a recovery in this space is yet to be seen, though no one would blame them for running out front with the news and trying everything they can to play up Blackphone’s weaknesses in order to keep their outdated hardware out of the public’s mind while they scramble to stay relevant in this increasingly competitive market.

*Updated Aug 13:
Blackphone has contacted VPN Creative to draw our attention to two blog posts it published in response to the findings revealed by TeamAndIRC. You can read them here and here.