Blackphone no challenge at DEF CON

By Bla1ze on 9 Aug 2014 10:45 pm EDT
70
loading...
0
loading...
259
loading...

DEF CON 22 is well under way in Las Vegas and there's been plenty of action on Twitter tonight covering the event. One highlight comes from the @TeamAndIRC who has been having a bit of fun with Blackphone. After having some time with the device, Justin Case has managed to gain root access and enable ADB on the device without the need to even unlock the bootloader.

Although the exploit has now been partially patched and it's not exploitable without user intent, that's going to be a problem for the company who has been selling Blackphone as a 'secure' Android offering while arguing with BlackBerry over security. I might be a bit jaded but I'm not even surprised by this given the fact pretty much every Android device gets rooted at some point.

It's not even really news when it happens any more, it's expected. When a device CAN'T be rooted, that's more news now than one that can be rooted. In this situation though, I guess there was a bit more of an expectation that it might have been a little bit harder given the whole concept of Blackphone is based on security and privacy. Now, Blackphone will have some work to do to patch the rest of the exploit.

UPDATE - We've updated this article to reflect the fact it didn't take 5 minutes to root the Blackphone. That particular tweet from @TeamAndIRC was misinterpreted and taken out of context as was later noted.

h/t: @Kyle27_

Reader comments

Blackphone no challenge at DEF CON

340 Comments
Sort by Rating

As am I. Imagine, trying to build a secure platform on top of Android! The most insecure platform, from the single most largest offender of data security.

Posted via my QNX Z30

A foundation created by Google, the online equivalent of Wal-Mart, where the NSA likes to do its one-stop shopping.

I may have a stupid question here, but was a BlackBerry ever rooted? Is that even possible? I'm sorry if this is a totally stupid question.

Posted via CB10

Yes but then BlackBerry fixed it so you couldn't do it anymore. Took them a couple of tries but they got it together.

Posted via CB10

Funny how Android Central didn't post up about the secured Android OS aka Blackphone being rooted /hacked in 5 mins!!!

 Posted via CB10 on my  Z30

BlackBerry 10 comes rooted out of the box, go to Settings > Security and Privacy > Development Mode. Move the slider to enabled, enter your device password and it's rooted. You can access the device using command line or all the files using WinSCP. Rooted doesn't necessarily mean less secure.

why bothering rooting a BB? no one use them anymore and the executives still using them probably less than 1% of all businesses out there

And yet Android commands over 80% of the market, while BlackBerry garners 2%. They must be doing something right.

Android has a lot of extremely cheap devices, that certainly helps their marketshare. And almost 15% of Android devices that used Google Play recently are still on Gingerbread, from 2011.

Unfortunately for the timing of bb10's launch people only recently started to give a shit about security too.

It's not dead, it's just slightly delayed a couple of decades. Mark my words, it's coming. 2034 isn't that far off.

Posted via CB10

Tienes is delayed indefinitely by a recent public statement by Samsung!

 BlackBerry Z30  If it Don't Make Dollars, It don't Make Sense 

That's just because Android has the ecosystem and the fact Samsung's Galaxies with bigger screens became a popular trend in making it more popular.
Also, the fact BlackBerry was very late in releasing it's new platform and also to this day a lot of ppl still don't even know that BB10 exists or that it is a totally different platform from the legacy BBOS's.

 Posted via CB10 on my  Z30

I'm ok with 80% or whatever the number is using Android, it doesn't say much other than "it's popular". I'll just go with the OS that offers the best user experience for me and provides communications on par of what I expect. Good for them, good for me.

Posted via CB10

More like what does security have to do with market share? Not much. People aren't flooding to BlackBerry because it's secure. Although it is good for enterprise.

More like what did this article have to do with market share. Crackberry readers are very aware of this already, take your storm cloud for a leap off one tall building or another

Buy a bb, get a droid for free

And there it is. Security has always been BlackBerry's biggest differentiator. Its major selling point is not the pleasant OS which can run most Android apps. Consumers are overall not interested in mobile security. BlackBerry must drive home that selling point to enterprise at every opportunity. Especially with Apple getting aggressive in the space and Google announcing new security features in their upcoming OS update.

You are kind of stating the obvious, Bird. I don't think BlackBerry could possibly be any more vocal about Security and how it is the REAL differentiator between BlackBerry and the other guys than they already are. Where they have gaps in their offering, it's certainly not in the security USP but rather in their end to end productivity suite. I believe that is the gap Chen is addressing with the emphasis on enterprise software development and why they hired the COO they did.

From my Neutrino Powered Z10

Yes, there are a lot of stupid people out there that will one day regret the decision to support android and google.

Posted via CB10

Part of the reason is this: I keep reading young heads full of mush on Twitter and Facebook stating they are NOT concerned with the NSA snooping into their emails because "if it makes me safer" then they don't care. They can't connect the dots yet, presumably because they still live at home and Daddy will take care of it if they get hacked, and they don't have a bank account cuz Daddy buys everything. I can't imagine someone who owns a business or orders supplies not wanting to have as much security as possible.

Not regarding any of their BES installations, there would be no point. But regarding BBM traffic, the British police, the RCMP and I'm sure others have worked with BlackBerry to nail down who said what to whom and when in order to gather evidence and prosecute. Apart from that the carriers and email service providers are the easiest point of data collection for the NSA. No point in going to BlackBerry.

From my Neutrino Powered Z10

I agree completely except for the "no point in going to Blackberry" part. If a Government is after you then you have no shot. If an individual is after you then Blackberry should be fine unless of course that individual has your password and physical access to your device.

One of the many reasons we are going down hill fast in the World is the blank stare and shoulder shrug when discussing anything to do with privacy. The response goes like this, "What do you want me to do? Not use <fill in social media app here> and live like a caveman?".

Last few Centuries were filled with people who remembered living under oppression who made the decision enough was enough. Today the Bar for oppression is whether or not Starbucks can make you a Mocha, Chai, Ice, Frappacino drink. And do it fast, and do it for under $15 and do it with a smile. That my friend is what the World's youth consider oppression...

And we wonder how we got here?

Means nothing, that was BlackBerry at one point, IBM long ago... doesn’t mean a darn thing.

Posted via CB10

... Plus the fact that most people don't care about security, and just want cheap phones with free apps with ads all over them. That is most of the CONSUMER market. On the other hand, the CORPORATE market understands security and wants to protect business conversations and files and data... that could cost them millions of dollars. Billions of people on the planet have phones, but there are orders-of-magnitude fewer corporations.

Hasn't anyone here heard of the Burj Kalifa in Dubai? It's the tallest skyscraper in the world, built on a sand foundation. In fact, the entire city is.

you've seen the documental didn't you? So you saw what they had to do to get the buildings foundations to be solid for that monster. So you know it wasn't built on top of the sand.

Posted via CB10

and so castles made of sand, slips into the sea eventually lyrics .
Jimmy Hendrix

STL100-1 (10.2.1.3247) STC

Blackphone is like a Castle of Glass, built on a foundation of sand, on the side of a very tall mountain, in the path of an avalanche.

Companies are going to think they have a chance to produce secured versions of it though, whether it is an approach like BB with their secure offerings for android and ios or for something like this blackphone and with google taking security more seriously going forwards then they are unlikely to be the last.

I do not like Android either but how many BB10 users do not load Android apps period? I don't care about the sandbox. That is one attack vector. The Android Apps have access to all you personal data and insist this to be the case. So, while BB10 is what I will buy realistically I will have to forgo Android Apps if I have any desire to attempt to control who has my contacts, who can make calls, who can send text and MMS messages, who can create a contact, who can delete a contact, who can turn on shut off wifi and bluetooth etc.

Yep. Sounds about right doesn't it lol. Look, I'm a BlackBerry user and an Android user. I like both platforms a lot. But if you want good security, there is no comparison. BlackBerry is still clearly the winner.

Posted via CB App from my Galaxy S4 Mini with an LED CrackLight ;-)

Blackberry better go to town on this, can you say: "opportunity of a lifetime here?"

Posted via the Android CrackBerry App!

Nop you can't BlackBerry 10 can probably be rooted as fast as black phone and BlackBerry knows that.

Posted via CB10

BlackBerry has never been rooted or hacked, only device on market. only part of BlackBerry people can gain access to is the SD card that's why they don't let you install apps there.

It maybe true, but even the president had his BlackBerry modified for prevention. It makes me think if BlackBerry is secure because its market isn't saturated. Similarly, Mackintosh OS is secure, but is it really secure or is it because it's a fraction of what Microsoft dominates? Therefore, hackers aren't too interested.

Posted via CB10

I think what he meant to say is that for the longest time Apple computers weren't susceptible to viruses and hackers. The official line was that the architecture was more secure than IBM-compatible machines (ie: Windows). However, there was a dissenting view that contended the reason for few viruses and hacks was that it had such a small percentage of the market, no one wanted to go after it - not enough bang for the buck.

That being said, I would not necessarily think it applies to the Blackberry situation. Yes, the market share is low, but the target is rich. Most people using Apples (Macs, etc) back then were either schools or art/design/publishing organizations. Neither are terribly rich sources. But if you could target the device of a CEO or someone else in a high value target industry, then regardless of market share overall, if the device has a commanding share of a target industry, then it's definitely worthwhile going after.

Disclaimer: there is no freaking way I could hack my way out of a paperbag, much less into any computing device :)

BlackBerry has survived many hackathons without ever being hacked simply why its the only device with fips 140-2 security certification.

Sure the PoTUS had his phone adapted but that was for voice encryption only, data was already secure.

Posted Using a Z30 Via CB10

Blackberry may have small market dominance from a consumer standpoint. But if you could break into it there would be a fricking gold mine of corporate information ripe for the taking. I'd say the hackers are pretty interested. Why else would the Chinese government try to get lenovo to buy BB?

Posted via the Android CrackBerry App!

Not true. BlackBerry OS 6 was hacked at Pawn2Own in 2011.

BlackBerry 10 was rooted in the pre-release days.

Posted via CB10

Never? And what is dingleberry? I know playbook was a fail, but that's still a unit from blackberry and got rooted.

Wow that statement from bbschorsch show he really doesn't know what the heck he's talking about. Lol

Posted via CB10

It's high time for Android fans to stop making excuses for another epic failure.

Posted via CB10

bbschorch : Your making a name for yourself as the next BlackBerry 10 Hacker . The success is worth $Millions ...go after that POT of Gold ....I would if I could hack Mercedes F1 secrets and conversations and sell them to Ferrari ...for a cool 1M Euros..........Schucks I think I am writing a spy thriller !!!

Are you serious right? The sarcasm isn't clear which makes the whole thing sound a bit....hum no.....totally stupid.

Go check the net for the long list of security certifications. No other has BlackBerry certifications and no, you don't know a genius kids that can cream the DoD in 5 min.

Z30 Vivo Brasil

Hahahahahhahahahahahahahahahahahahahahahahahahahahahahahahahahahahahshshahshshshshshshahahahahahahahahah.............. so much win!!!!!!

Posted via CB10

LOL,
the maker should have NOT called the product a "BlackPhone" as if it were a competitor of the "Blackberry Phones".

The poor naming will come back to haunt them!

There has been, and always will be, ONE "Blackberry"

Hay, what happened to those guys who tried to go after Blackberry by making a snap-on look alike keypad? Out of business?
Perhaps that will happen too to the Blackberry name product look-a-like.

Hmm. The question of this conversation should be to what extent will Android L with Google purchase and implementation of KNOX be a competitor to BlackBerry??!

Think if it really is secure and stands up through certifications, then that would put a HUGE potential dent into BlackBerry's revenues - cheaper devices with vast range of features, hardware - except keyboards - would be considered on mass.

I don't see this as a laughing matter but a big public win for BlackBerry, for Now

 BlackBerry Z30  If it Don't Make Dollars, It don't Make Sense 

Hahaha Omfg so funny, android is a total joke when it comes to security, even one with all these features is hacked in 5 minutes.

It's why every important person on the planet uses a BlackBerry.

BlackBerry for eva.

Posted by Antoniius via my sexy Gold and White Q10.

Well , just imagine how fast it could have been if the hacker hadn't been partaking in all those free drinks at the craps table.

Posted via CB10

The CEO of apple, Google, and Microsoft doesn't. And I'd say they're the biggest 3 titans in the tech world

Probably didn't want to end up in his "own" database, he and his multiple extra-marital affairs...

Quote:
..."We are moving to a Google that knows more about you..."

 BlackBerry? I premdict the future's gonna be chenomenal! 

FYI, the Executive Chairman of Google - Eric Schmidt uses a BlackBerry, has always been a BB user even when CEO of Google.

Haha they think they can be secure on android

Posted via the awesome power of BlackBerry 10 on one of my lovely devices probably my brand new Z30 or my great Q10 or my beautiful Z10

You can't start with a platform that's known to be insecure and claim it's going to be secure.

Posted via CB10 (Via limited WiFi connection)

I can see some Media outlets trying to say that the BlackBerry got rooted in five minutes, not really understanding the difference between the BlackBerry and the other thing.

Posted via CB10

I agree!! And if that happens, BlackBerry should be all over them and call them out for their total incompetence & ignorance! Anyone reporting on mobile devices should lose all credibility by making such a mistake.

That would be good ammunition for BlackBerry to sue Black Phone & get them to change their name. It clearly causes confusion in the market.

Posted via CB10 using my Z30.

To be completely honest, when I first glanced at the title of this article I thought it said BlackBerry, so I was really confused until I saw the BlackPhone logo on the t-shirt in the picture.

Posted via CB10

+10 So agree the media are so ignorant on the facts. They will get Black and BlackBerry mixed up. "It's Black something..."

Posted via CB10

BlackBerry isn't just a Phone its a way of Life
Black Phone well thats just it. The name
Just another Black Phone .....lol

Almost spit out my drink as I was reading the OP. Serious egg on their faces! I half expect the Blackphone CEO to put out an attack article on the person who rooted the phone. Pathetic.

" I do not think that word means what you think it means. "

It's more like BlackBerry way of saying "eat that shit"

Can't stop feeling happy and laughing at those dumbasses who couldn't even get a real name

Posted via CB10

The material in question is really, really dark.

It's not BLACKBerry for nothing... :-)

 BlackBerry? I premdict the future's gonna be chenomenal! 

So a friend just called me that he has a radical, but guaranteed solution for the Blackphone's security woes. It's crazy, cuz I told him, "no way man, you just can't reliably secure android" so he wanted to bet me. "Sure dude" I said. So he started whispering "first, take out the battery, next remove the sim card, got it?" I said "yup, what next?" So he says "Now put it in the bottom of your sock drawer" "Genius ayy? Totally secured right?" So I have been cramped up with laughing for a half hour trying to get this down. Works though. heh heh heh

Posted via CB10

Nice! How many millions of dollars in development did this idea take to successfully implement? ☺

Posted via CB App from my Galaxy S4 Mini with an LED CrackLight ;-)

Chen should keep that one in his back pocket if he ever gets asked the best way to secure an android (besides the bes answer).

Posted via CB10

I was really excited when I heard about the Blackphone, and the only reason I didnt get was it was sold out.

I guess im a sucker for advertising :)

Glad I stayed with "the other black phone"

Posted with Q10

Maybe...just maybe.... Blackphone went to Def Con to get hacked on purpose?

Hahahahahaha!!!!!

"Hip to be Square" - Huey Lewis and the News

Funny that, I saw him in bankruptcy court yesterday. I'm sure it was just a coincidence.

Posted via CB10

The analysis has probably been going on for months. I guess the demo only took 5 minutes.

Posted via CB10

Why the hell didn't they just use their own os, god these people are so stupid, security had to be built from the grounds up!

Because that would require money, time and effort. Just easier to pretend and hope for enough sales before the whole house of cards collapses.

Posted via CB10

Love hearing shit like this! So much for their boasted about security. They don't deserve to have "Black" in their name. They are not even close in any way, shape or form. This makes BB look all the more better and appealing for those who really value their security

What's wrong with you, I'd be nice to have a secure android phone. Android is a great operating system and would be great to use if it was as secured as BlackBerry. It has some of the greatest features, latest specs and most innovations.

It's also heavily used/ controlled by Google which is really hard core proud of the nsa. I avoid as much google/ android as possible. It's not like I'm some high power exec or a government big wig. I'm just an average American who believes we get barraged with a whole lot of unconstitutional government snooping and hack attempts from all over the world. If BlackBerry can even remotely help in some way to secure my right to be secure in my person, and effects then I'm going there. Android might be a cool Os but it is also the tool of the devil.

Posted via CB10

Specs? I'm not geek to fap cus I got super hiper ultra 64 core proc... Innovation? Tell me what's so great? Lair gestures"? IMO Blackberry and iPhone is extremely nice developed innovation.

Posted via CB10

BlackBerry is the phone of the elites. Anyone who doesn't have grasp of reality would expose themselves to hackers, NSA and every other threat . Why else would the German government drop iphone and only use BlackBerry? Why is the president of the United States not allowed to use iPhone and uses BlackBerry? Why do the chinese government follow a growing number of governments banning iphone? Wake up to reality or suffer the conscience sooner or later. The NSA Agents know what I am talking about.

Posted via CB10

Thanks Bla1ze for the chuckle. Love to hear any more from this conference that you can scrape up!

From my Neutrino Powered Z10

They did get, ahem... the T-shirt should give it away, ey?

Some nice news to read on an overcast North Queensland afternoon...

 BlackBerry? I premdict the future's gonna be chenomenal! 

Gorgeous SoCal evening over here and admittedly enjoying this well-deserved skewering of that BlackPhone bugger. Trying to imagine what Mr. Chen is doing regarding the news and I'm coming-up blank. The dude's a consummate professional. Expecting some higher-end poop-slinging.

Wait what.???? I thought they just challenged blackberry and they they were the only true real true secure phone. Bhaaaahaha

Posted via CB10

Chen & Company should beat the living daylights out of Black Phone over this...

It seems everyone & their brother thinks they can outdo BlackBerry with their cockiness.

Sent from my BlackBerry Z30

He'll probably make Chop Suey with Black bean, ahem ... phone sauce tonight...

 BlackBerry? I premdict the future's gonna be chenomenal! 

To conclude it doesn't matter what phone you use black, red, purple or any other color. If it is not BlackBerry you are behind the curve and using an inferior phone.

Posted via CB10

A nursery rhyme, Baa, baa, black phone have you any security?
Yes, sir! Yes, sir! Three bags full. One for my master, one for my dame and one for the hackers who have all of my personal information and my name.
It's a bit rough, but you get my meaning. :)

Posted via my super duper ultra mega Z10 with death ray

#Blackphone not secure. Not surprised by the quick hack. #BlackBerry security is unequalled. People need to wake up and stop believing the hype.

Posted from my secure Z30

I don't understand why would you ever use an android if you want security and productivity when it's n open source OS....it makes zero sense I own 4 android devices and a z30 and z10 and it murders them in flow and typing multi tasking and much more. I remember typing on an Android device the first time it is extremely frustrating....i was like how do people type on these things which is one of the main things you do all day is send messages....i don't know I find android over hyped because of stupid apps...

Posted via CB10

Laughing out loud...for days. I think I'll keep my BlackBerry.

I may not be Angela Merkel, but when I use my phone, I wanna know that I'm in control of my information. #BlackBerry4Life

Posted via CB10 on my Z10

PlayBook has never been rooted,,hence why you can't update the kernel or install a different os onto the tablet. BlackBerry security for the win.

Yeah, playbook was rooted because it didn't encrypt backups you made to your computer (it contained both encrypted and unencrypted content) which allowed the backup to be modified to include a root access app. Restore that backup and BAM Root access.

The exploit was plugged and the dingleberry folks were never able to gain root again. They gave up after many months of trying.

Bb10 phones are based on a _hardened_ version of the playbook OS.

Posted via CB10

The hacker would have to sober up for that. Not going to happen as it is Vegas.

Posted via CB10

PLEASE BlackBerry, USE this opportunity. Make peopke aware of this. Do some actual marketing. You know if it were the other way around the media would've been all over it.

Now they're going to have to drop the Black from Blackphone... cause Black is synonymous with Security.. lol

There's only really one Blackphone and that B-L-A-C-K-B-E-R-R-Y... LMAO..

Posted via CB10

So. Who's even bothering to crack a BlackBerry? Is it even a skill worth developing? IDK.

I am packing ZeeTen goodness...

I'm planning to get myself an Android expressly because I can root it and play around with modding it. How does Blackphone not understand that Android and rooting go together like apple pie and ice cream?

Posted via CB10 on Z10

I could go on and on about this....heck, even go on about the genius here on CrackBerry who debated me last time saying Blackphone had a great secure offering...but, I think I will just let these results speak for themselves.

Posted via CB10

Yes, I remember that thread. Give it 6 months and they will be back. Ok, a year.

Posted via CB10

Of course they will! The guys over at Blackphone will release a trivial patch claiming to have fixed all of the security holes, all the while running one of the least secure foundations; then the BlackBerry haters will pile back here in droves to make the same asinine claims again. I think the factory generated response to those people should just merely be a link to this article!

Posted via CB10

Don't know if anyone tried clicking on the links given but, the team that cracked the Blackphone is saying "BB is next"...would be interesting to keep following this...

BlackBerry has been around for years. The group that rooted that Black phone would have been trying to root a BlackBerry for years now. I haven't heard them officially claiming they have. Not even sure they possess the means by which it can be done in the first place. Not saying it can't be done but I'm sure it requires a great deal if tech or it would have been done by now.

Posted via CB10

Awesome!

I notice everyone is excited about this and BB's security on their devices.

Can you give me examples on how my data is more secure on my BB than if I had an android?

I use a Gmail account for my email on my BB, does that matter?

Nuff said! When it comes to security, BlackBerry is miles ahead of the competition!

Posted via CB10

Maybe they can just install their add-on privacy apps on a BB's Android runtime and be done with it...

 BlackBerry? I premdict the future's gonna be chenomenal! 

this is hilarious, I knew this blackberry wannabe blackphone is a joke from the beginning. it does not even deserve media attention and hype

In my opinion, black phone is like a very nice house with a very secured front door but with open windows and no grills.

Posted via CB10

You can't compare the blackberry security with that of android never, I love blackberry for that

Posted via CB10

Couldn't have said it any better myself! I liken it to well intentioned house developers who use some of the finest materials and create some excellent blue prints for a mansion, yet decided to build their house on a mud foundation.

I think we can all appreciate people trying to up the amount of security offerings out there, but it left me scratching my head as to why they would use Android as their foundation.

Posted via CB10

Too bad BlackBerry didn't have a passport there to prove how well 10.3 built. Everyone would have been fighting to play with it.....

Posted via CB10

Being an Aussie I get twice the laughs at the story...

In Australia rooted means something completely different, and going by the story, our meaning fits too Hahahahahaha

Posted via CB10

BlackBerry 10 a brand new OS designed from the ground up for phones using the awesome QNX. Of course it was released as a work in progress but now really starting to show it's potential. BlackBerry has the edge over other phones at the moment it just needs to make people aware of this!

My lubbly jubbly Z10. Shine on you crazy BlackBerry

Pages