[Editor's note]: Since the first report came out, more details have surfaced regarding the vulnerabilities with the Blackphone. These new details and corrections have been added/fixed below.
Remember that “secure” Android phone that was looking to steal marketshare from BlackBerry? Yup, the Blackphone, which was called out by BlackBerry as “Consumer-Grade Privacy That’s Inadequate for Businesses.”
The Blackphone’s bootloader did not need to be unlocked for ADB to be enabled. Blackphone’s team was mocked, with the hacker claiming, “It is apparent no one ran CTS on this device.” According to Blackphone’s creators SGP’s Chief Security Officer Dan Ford, “Turning ADB on is not a vulnerability, as this is part of the Android operating system. We turned ADB off because it causes a software bug and potentially impacts the user experience; a patch is forthcoming.”
The second flaw found by Justin Case was actually patched by Blackphone in a previous software release. Justin Case’s device didn’t have the latest software update, so thus that vulnerability still existed. The third flaw was not disclosed publicly, but it was previously unknown. SGP has been notified and is working on a patch for it.