Blackphone hacked at Def Con

By on
Blackphone hacked at Def Con

Blackphone hacked

The Blackphone was designed to be a secure Android phone, making it harder for authorities to surveil and criminals to hack.

That, of course, has made it a target of security researchers, with Justin Case picking apart the secure phone at Def Con in Las Vegas.

Nervous as hell at defcon, hungover as hell too. Was suppose to make slides yesterday, instead we hacked the black phone

— Justin Case (@TeamAndIRC) August 10, 2014

Case said it took only five minutes to gain root access and turn on the Android Debugging Bridge (ADB) - however, the makers of the phone, Silent Circle, have already patched the first bug and said the second isn't really a flaw.

"Turning ADB on is not a vulnerability as this is part of the Android operating system," said the company's CSO, Dan Ford, in a blog post. "We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming."

However, Case is expected to reveal a third vulnerability in the secure phone later.

Let your cat find wi-fi

Why drive around sniffing for open Wi-Fi connections when you can let your cat do it?

That's the premise behind the "WarKitteh" work of security researcher Gene Bransfield, who showed off a system at Def Con whereby his grandmother's cat Coco was let out with a bit of tech attached to her collar.

Bransfield first tried fitting the feline with a tiny coat and an HTC phone in the pocket, but the cat - unsurprisingly - ditched the outerwear.

He then built a collar that featured GPS, Wi-Fi and an ARM chip, alongside a small battery. After a few unsuccessful tries - the cat hid under a bush the first time, blocking the GPS signal - Bransfield managed to gather data on 23 separate Wi-Fi networks, four of which were open and another four that used WEP, which is easily hacked, said a report from the Register.

Other Def Con hacks

The Las Vegas security conference also marked the return of John McAfee, the founder of McAfee software who is perhaps more famous - or infamous - recently for going on the run from Belize after his neighbour was found dead.

McAfee told the Wall Street Journal at the show that it's unwise to use standard smartphones, because they're being used to spy on consumers. "The most promising privacy thing is stupid phones,” he said. "I’m dumping all my smartphones." McAfee launched an app to track privacy permissions on Android phones.

Meanwhile, Ceasar Cerrudo of IOActive Labs, showed how a denial-of-service attack could take out traffic lights by targeting the wireless systems used. He said attackers could cause traffic jams or accidents, or simply brick hundreds of millions of dollars worth of equipment.

Security experts teamed up to create an advocacy group called I Am The Calvary to give cars a cyber-safety rating. The five-point checklist would help push manufacturers to focus on security of the computing systems in their vehicles, and CNet reported one company - Tesla - has already won a five-star rating.

This article originally appeared at pcpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © Alphr, Dennis Publishing
Tags:

Most Read Articles

Log In

Username / Email:
Password:
  |  Forgot your password?