Silent Circle’s Blackphone is all about privacy and security, but security researchers discovered a remote takeover vulnerability that attackers could exploit to send and receive text messages, to eavesdrop on calls and to remotely control other Blackphone functions.

Blackphone runs on PrivatOS, which was designed to have “no gratuitous features, no hooks to carriers, and no leaky data by default”; this heavily customized version of Android gives users full control of app permissions and other security settings. Yet Tim Strazzere, director of mobile research at SentinelOne, explained that attackers could exploit a vulnerability, bypass a user’s control of the permissions, and communicate directly with the Blackphone’s modem. Put another way, the flaw could allow a hacker to remotely take control of the phone.

Source: COMPUTER WORLD