Bughunter cracks “absolute privacy” Blackphone – by sending it a text message by Paul Ducklin.
From the post:
Serial Aussie bugfinder Mark Dowd has been at it again.
He loves to look for security flaws in interesting and important places.
This time, he turned his attention to a device that most users acquired precisely because of its security pedigree, namely the Blackphone.
…
What Dowd found is that text messages received by a Blackphone are processed by the messaging software in an insecure way that could lead to remote code execution.
Simply put, the sender of a message can format it so that instead of being decoded and displayed safely as text, the message tricks the phone into processing and executing it as if it were a miniature program.
Dowd’s paper is a great read if you’re a programmer, because it explains the precise details of how the exploit works, which just happens to make it pretty obvious what the programmers did wrong.
That means his article can help you avoid this sort of error in your own code.
…
Don’t get too excited because Blackphone has already issued a patch for the problem.
On the other hand, Paul’s lay explanation of the exploit could lead to a hard-copy demonstration of the bug for educating purchasers of programming services. Imagine a contract that specifies the resulting software is free from this specific type of defect. That can only happen with better-educated consumers of software programming services.
Are there existing hard-copy demonstrations of common software bugs, where a person can fill out a common form such as Paul’s change-of-address form and see the problem with the data they have entered?
Beyond this particular exploit, what other common exploits are subject to similar analogies?
This could be an entirely new market for security-based educational materials, particularly for online and financial communities.