Blackphone Gets Root Access in MORE Than Five Minutes
Security is a paramount issue in this day and age, where sensitive technology is handed to people who probably should not have it until they are old enough to drive. People are as widely and overtly inappropriate on the Internet as they humanly can be, yet they have the audacity to reach out to web outlets whenever their “stuff” leaks out onto the Internet. Then, these same people are the ones who complain that hackers and the government are after them because all the important (eye of the beholder) text messages that were stored on their devices are gone. After all, nothing screams “national security threat” like a message from your mom asking if you want meatloaf for dinner. That is one side of the coin, while the other side involves people who truly need some sanctuary from the horrors of the likes of hackers, root, or even the government. They may be, and probably are, holding onto important information in their e-mail accounts and whatnot that could jeopardize something worth going after. So, how do the latter deal with such a sword of Damocles dangling over their heads? The answer is to get a phone that is secure enough to hold all their stuff. Enter the Blackphone.
The Blackphone is a device made by a joint venture between Silent Circle and Geeksphone, which is now known as SGP Technologies. The device is an Android phone unlike many others out there. The main difference between this and your [enter your device name here] lies in the software makeup of the phone. Yes, it still runs on Android, but with a modified version of the OS (read: custom ROM) known as PrivatOS. This ROM has been loaded with several “secure” applications that should make you feel more secure while going about your daily routine. Also, the company has boasted that the phone’s security is second to none, as PrivatOS is more mature than most OEM options currently out there and therefore most (if not all) vulnerabilities are nothing but a thing of the past. Such was their confidence that the company decided to take their product to one of the largest hacker expos, Def Con. Now, as you are aware, there are various types of hackers, all with very different motivations to do what they do, but they do have one thing in common: they sure do love a challenge when presented with one, and XDA Senior Recognized Developer and Forum Moderator jcase is no exception.
According to jcase, the device was rooted, but it was not the easy task reported by many, many, many other blogs (several of these being pro-BlackBerry blogs taking this opportunity to take a few stabs at their new competitor, a fight that is comparable to the one between Android users and iOS users to a certain extent). Most of them reported that the entire ordeal lasted a whopping 5 minutes, which is factually incorrect (and in fact, many have either withdrawn the articles or amended them with the proper information). jcase goes on to state that there were 3 different vulnerabilities found in the device at the time, and that root was achieved without the need to unlock the device’s bootloader.
The first vulnerability found was a way to re-enable ADB on the device, which is disabled by default. The company went a few steps further than simply disabling ADB and decided to do away with the Developer Menu altogether. The company came back stating that this was not done as a security measure but rather as a temporary fix, because USB ADB connectivity was creating stability and performance issues on the device (when ADB was on and encryption was turned on, the device was said to go into a bootloop). Due to a pressing and rather tight schedule, instead of trying to quickly work out a patch to see where the issue was, they simply swept it under the rug until they could find what was causing the problem, with hopes of pushing an OTA update to re-enable the missing dev options and ADB with it. In any case, this vulnerability (regardless of whether the company admits it or not) was required to get the root method to work.
The second part of the root process involved a lot of tinkering with the actual device. First and foremost, you needed to get USB ADB going on it (hence the previously mentioned vulnerability). Next, you pretty much needed to flat out ignore any and all recommendations by the manufacturer during setup. Next up, device encryption needed to remain off and you needed to grant permission to “unknown sources” for installing APKs. And last but not least, you needed to either disable or at the very least know the PIN to the device in question. There was a third part in the whole exploit process, but jcase has decided not to disclose this part to the general public and instead reported it to the company.
The entire affair was not exactly short-lived, despite what other blogs may state, and jcase walked out of this one with nothing but bragging rights and a custom-made t-shirt, effectively letting the company know what he thought about the “reward” for his efforts. This, however, was really nothing but a joke, as jcase holds no ill will against the company and in fact has gone on to say that he appreciates the professionalism displayed by their CSO and CEO regarding the entire ordeal. Yes, the device was rooted, but it is far from being the insecure junk that BlackBerry users make it seem. This device is an alternative for those who own BB devices and cannot justify giving up the security perks of the device for a brand new and shiny Android phone. Yes, the device may have been rooted, but that does not make it any less secure. So, to all the people out there who brag about BB’s security, let’s just say that you may be attracting attention from the very people your “security” is meant to drive away. Just remember, in the words of JFK:
We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too. – John F. Kennedy
Just replace “go to the moon” with “hacking BB10”. You can find more information in the original (and actually accurate) article from Ars Technica.