Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users

January 27, 2015

A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is marketed as a more secure way to protect communications from government and criminal snoops.

Mark Dowd, a principal consultant with Australia-based Azimuth Security, said would-be attackers needed only a user’s Silent Circle ID or phone number to remotely exploit the bug. From there, the attacker could surreptitiously decrypt and read messages, read contacts, monitor geographic locations of the phone, write code or text to the phone’s external storage, and enumerate the accounts stored on the device. He said engineers at BlackPhone designer Silent Circle fixed the underlying bug after he privately reported it to them.

The vulnerability resided in SilentText, the secure text messaging application bundled with the BlackPhone and also as a free Android App in Google Play. A component known as libscimp contained a type of memory corruption flaw known as a type confusion vulnerability. Libscimp is the BlackPhone implementation of the Silent Circle Instant Messaging Protocol (SCIMP) and runs on top of the extensible messaging and presence protocol (XMPP). SCIMP is used to create secure end-to-end channels between people sending text messages. It handles the transportation of the encrypted data through the channel.

Type confusion vulnerabilities occur when one data type is mistakenly interpreted as another. Usually, a pointer to one object is incorrectly manipulated as a pointer to an object of a different type. In unmanaged languages such as C, these flaws often result in invalid memory accesses that can be exploited in ways similar to so-called use-after-free bugs. Dowd and fellow researchers Ryan Smith and David Dewey spoke about type confusion at the 2009 Black Hat security conference.

The BlackPhone attack could be triggered by sending targets a specially designed payload that allowed an attacker to overwrite a pointer in memory, paving the way to replacing normal contents with malicious ones. Dowd provides a spectacularly deep technical explanation in his blog.

The vulnerability is a potent reminder that strong encryption means little if one of the endpoints is compromised. The BlackPhone appears to do many things right, but in the age of advanced hacking and ever more complex software, that’s no guarantee it can’t be hacked.