Nasty Blackphone vulnerability allowed decryption and worse

The theoretically super-secure Blackphone had a very serious bug in its SilentText chat app, security researcher Mark Dowd revealed Wednesday after informing the phone’s makers. The vulnerability in Silent Text, which is also available for other devices from Blackphone backer Silent Circle, made it possible for attackers to decrypt messages, take over Silent Circle accounts, gather contacts and location data, and basically take over the phone. The flaw was patched before Dowd went public, and Silent Circle has expressed its gratitude. Probably not the best publicity for the firm as it criticizes other apps for their excessive permission demands on Data Privacy Day, though.