Skip to main content

Blackphone hits back at DefCon hacker

Blackphone has responded to @TeamAndIRC, the hacker that managed to crack the company's high security smartphone.

Justin Case, who goes by the @TeamAndIRC, exposed two vulnerabilities within the phone at the DefCon conference and posted photo below.

Chief security officer of Blackphone, Dan Ford, gave his company's take on Case's actions in two blog posts.

Read more: Hacker exploits Android and roots Blackphone at DefCon conference

"The researcher @TeamAndIRC was a little miffed at our initial response to his inquiry and I understand his point," he said in reaction to the t-shirt.

"The ironic part to this is I would have absolutely gone over and made that t-shirt for him myself once the full vulnerability was explained."

Ford claimed that the first hack, where Case managed to turn on the Android Debug Bridge (ADB), was harmless. Simply turning it on is not a hack, he said, since it is a part of the Android operating system.

"We turned ADB off because it causes a software bug and potentially impacts the user experience, a patch is forthcoming," he assured readers.

Case's second discovery was "accurate" he said, Blackphone having "found this vulnerability on July 30, had the patch in QA on July 31, and the OTA update released on August 1."

"That is pretty fast no?" he appealed.

Throughout the blog posts Ford was keen to stress Blackphone's ability to implement a fix "faster than any other OEM" and that each hack required the end user to be manually operating the phone, ruling out remote attacks.

Read more: A closer look at the Blackphone and why it's more anti-Google than anti-government

Have a read of Part 1 and Part 2 of Ford's blog for more depth.