Exploiting Silent Circle’s Secure Blackphone

Red Naga has publicly posted its training materials on GitHub, including the steps the group used to find mobile device vulnerabilities.

At a high level, the approach is all about looking for items that appear to be misconfigured in some way. Using that approach, Strazzere found an open socket on the Blackphone and began to investigate if that opening could be used to tell the device to do something it shouldn’t be able to do. The open socket was not an open network port that would have been easily viewable by a remote attacker.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis