Silent Circle patches Blackphone vulnerability

A report released this morning shows that no phone is 100 percent secure — but that one company, at least, is able to respond quickly and issue patches immediately.

An open socket on the Blackphone made its nVidia modem accessible to apps without those apps having to first get user permissions. When combined with other vulnerabilities, such as those allowing execution of remote code, this could potentially allow websites to secretly use a phone to make phone calls or send text messages.

The company that makes the phone, Silent Circle subsidiary SGP Technologies, has already fixed the problem, said Tim Strazzere, director of mobile research at SentinelOne, which issued the report.

To read this article in full or to leave a comment, please click here