Blackphone goes to Def Con and gets hacked—sort of
When the Blackphone team arrived at Def Con last week, they knew they were stepping into a lion’s den. In fact, that’s exactly why they were there. The first generation Blackphone from SGP Technologies has been shipping for just over a month, and the company’s delegation to DefCon—including Silent Circle Chief Technology Officer Jon Callas and newly hired SGP Technologies Chief Security Officer Dan Ford—was looking to both reach a natural customer base and get help with further locking down the device.
Ask and you shall receive. Jon “Justin Case” Sawyer, the CTO of Applied Cybersecurity LLC, walked up to the Blackphone table at Def Con and told them he rooted the phone. And those who followed him on Twitter received an abbreviated play-by-play.
What followed, however, was not what Sawyer or the Blackphone team counted on: a BlackBerry blogger at N4BB leapt on one of Sawyer’s tweets and wrote a story with the erroneous headline, “Blackphone Rooted Within 5 Minutes.” By the time Sawyer was presenting on Sunday at Def Con with Tim Strazzere, the story had been picked up by a number of blogs and websites—and nearly all of them didn’t bother getting further details from Sawyer or Blackphone.
BlackBerry partisans gloated over the hack. But the irony is that three days earlier, researchers from Accuvant showed in a presentation at Black Hat that they could remotely attack BlackBerry phones (as well as some Android and iOS devices) with a femtocell man-in-the-middle attack, getting root without even touching the phone. So the question is whether BlackBerry fans have any room to brag, or whether they’re simply safer because they’re not as big a target as Android.
Rooted in (a lot more than) five minutes
Sawyer’s Blackphone hack was in many ways already moot by the time he demonstrated it. In part, it relied on an already-patched problem in Blackphone’s remote wipe software, which Sawyer hadn’t downloaded—mostly because he bought the phone at Def Con and didn’t want to do anything over the Wi-Fi at the conference.
In a conversation with Ars, Sawyer said that the hack required three vulnerabilities in all—one that is a lower-threat vulnerability to a wide range of Android-based devices and has not yet been fully disclosed. Additionally, he said, the rooting of the Blackphone required that the attacker:
- have physical access to the phone and connect it to a computer via USB,
- configure the phone against Blackphone’s set-up recommendations,
- not install encryption on the device,
- ignore an unknown application source warning, and
- have the phone’s PIN code.
In other words, to hack the Blackphone, the hacker would have to have either obtained it from a very naïve user or bought the phone himself.
Vulnerability or feature?
According to the Blackphone team, the first “bug” Sawyer leveraged was in fact not really a vulnerability—he re-enabled the Android Debug Bridge (ADB) to gain developer access to the phone. ADB doesn’t provide root access by itself, but it does give full user access to the device from a USB-connected computer.
The interface to ADB is “a standard part of every Android install,” SGP Technologies CEO Toby Weir-Jones said in a phone interview with Ars. ADB had been disabled by default on the Blackphone, he said, because of a bug in its implementation in PrivatOS that resulted in a USB “boot loop” when the phone’s encryption was turned on. “All we had done was remove the ability to call up the developer menu,” Weir-Jones explained. “We hadn’t isolated the bug yet and had to burn a ROM to ship the first phones.” ADB will be turned back on once the bug is fixed, as part of an over-the-air patch.
In a blog post, Dan Ford explained SGP’s position on the ADB issue. “Disabling ADB is not a security measure,” he wrote. “And was never meant to be — it will be returning in an OTA to Blackphone in the future once the boot bug is resolved; the realities of getting a product manufactured and shipped within the available manufacturing window meant a quick fix was needed. No root or other privilege escalation was required in order for this to be performed.”
Sawyer disputed that assertion. “I disagree with [Ford’s] statement that enabling USB debugging when they explicitly disabled the ability to do so is not a vuln,” he tweeted.
The second vulnerability leveraged in the hack went after Blackphone’s remote wipe functionality. The code that shipped on the Blackphone had been compiled with debugging enabled, which meant that an attacker could leverage the code to elevate his or her system privileges on the phone. SGP had already caught that bug independently, and it sent out a patch as part of an over-the-air update.
The last piece of the attack was a previously undisclosed bug. Sawyer described that bug as “really impractical to hit, and very hard, and very low risk” as it requires that the attacker has already elevated permissions to those of a system user to pull off.
Part of what kicked up the dust around Sawyer’s hack was the initial interaction he had with the Blackphone team on site. SGP doesn’t have a bug bounty program. So when someone at Blackphone’s table handed Sawyer a t-shirt after he reported his rooting, he refused it, as he had already gotten one with his purchase of the phone. But he did go and modify the one he had.
“The shirt was the most impressive part of the hack, considering I had it made in minutes,” Sawyer said. When Ford saw the shirt, Sawyer recounted, he laughed.
Weir-Jones explained that bug bounties are contrary to the company’s philosophy of “democratic access” to information—aside from the fact that it would be too expensive for the small company. “Usually, bug bounties are run by larger companies, after they’ve had time to really tighten down code themselves,” he explained.
To be fair, BlackBerry also doesn’t have a bug bounty program. And Blackphone’s PrivatOS is open source, as are the Silent Circle applications. And as Sawyer said, the Blackphone vulnerabilities were eclipsed in severity by the attacks on the BlackBerry and other phones that were unveiled at Black Hat. “Two mobile Black Hat talks were 1000 times more impressive and scarier than my disclosure,” he posted to Twitter.
Beating the baseband
One attack, demonstrated at Black Hat by Mathew Solnik and Marc Blanchou, used the embedded over-the-air management interfaces used by wireless carriers to perform carrier-pushed configuration updates. They were able to gain root access to BlackBerry phones, as well as some Android phones and the Sprint configuration of some iOS devices. The devices most vulnerable to the attack were the BlackBerry Z10 and the HTC One M7.
The attack takes advantage of the machine-to-machine (M2M) interface used by carriers to do remote provisioning of the phone when it’s purchased and to push out communications updates. The interface is part of the baseband configuration of the phones—it leverages the baseband processor, which is the system-on-chip that handles the connection to cellular networks. On some devices, the baseband chip can access local storage and memory used by the smart phone’s operating system and be used to gain root-level access.
At Def Con, Ars talked with Jon Callas and Dan Ford about the baseband question. Callas said that the baseband processor in the Blackphone, which is made by Nvidia, has no such access to the memory and storage used by PrivatOS. “It’s completely segregated,” Callas said. Blackphone is looking at ways to provide an audit of the phone’s baseband code to assure users that the cellular modem can’t be made into what amounts to a hostile router, “but we assume that it’s a hostile router in the way we developed PrivatOS,” Callas added.
It’s clear that there are a number of issues left to be fixed with Blackphone. There’s an app store in the works that will provide a curated set of pre-audited Android applications, and there have been requests from some customers for a physical switch to turn off the phone’s camera and microphone. There have also been complaints about the phone’s LTE support.
But for a company of about 100 people just a month into its first product’s lifecycle, SGP has already shown how serious it is about security. Ford said that the Blackphone team turned around the patch to one already-discovered issue and shipped it out as an over-the-air update “in less than 48 hours.”