Technology

Hacker claims to have successfully hacked Bphone


By exploiting the vulnerability available on Bkav Mobile Secutiy, bad guys can bypass the security feature of Bphone to unlock the stolen device.

An anonymous hacker recently suddenly posted an article on how to hack Bphone on his personal Blogspot page. With a few technical manipulations, this person can crack the anti-theft feature equipped on newly launched Bphone phone models.

According to the hacker’s share, this security hole was discovered 4 years ago on the Bphone 3 but can still be exploited until now. To prove his statement, the hacker also published a long article describing the vulnerability he discovered.

Hacker claims to have successfully bypassed the anti-theft feature of Bphone.

Specifically, by decompiling the Bkav Mobile Security security application pre-installed on Bphone, this person found the application that has the function of sending a request to Bkav’s server to check the device’s status and lock it when needed. set.

According to the hacker, Bphone phones communicate with the server through sending SMS messages. This is the reason why Bphones are introduced to be anti-theft even when not connected to the network.

The communication will be done every time the phone owner replaces the SIM or turns on the phone. At this time, a message containing encrypted information such as Chip ID, IMEI, … will be sent to one of Bkav’s “switchboard” phone numbers.

From the information received, the server will check if the owner of the phone has reported a lost phone. In case the phone is determined to be lost, the server will return an SMS to perform the lock operation.

Hacker claims to have successfully hacked Bphone
Hackers can forge SMS messages sent from the server to the phone to unlock the device with any code (passcode).

The security flaw of Bkav Mobile Security is not checking the sender’s identity. Regardless of the sender, the system will record and process the message content according to the correct syntax.

With some technical manipulation, the hacker then finds out the structure of the (encrypted) message that the server returns to the phone. Notably, the hacker said he had found the fixed key that Bkav used to encrypt and decrypt data.

By identifying the vulnerability that does not check the identity and detect the fixed key, hackers can forge SMS messages sent from the server to the phone to unlock the device with any code (passcode). This is how this person cracked the anti-theft feature of Bphone.

This is the 2nd security incident related to Bkav in just a month. In December 2021, this technology company also got into trouble when it leaked user information. As a result of the incident, about 200 users of different Bkav product lines were implicated.

Hacker claims to have successfully hacked Bphone
Bkav CEO Nguyen Tu Quang once affirmed that 89% of this manufacturer’s customers can find their lost devices.

When VietNamNet contacted Bphone’s production unit, Bkav’s representative said that the company has not yet made an official statement about the case.

However, in the community of Bphone users, there is information that even if you bypass the Bkav Mobile Security application with a fake message, as long as the phone is still connected, the device will still automatically lock after receiving it. the lock command is sent periodically from the server.

Previously, when launching a set of 3 new Bphone phone models, Bkav CEO Nguyen Tu Quang once said that the company has deeply integrated security technology into the hardware of the device. Thanks to that, Bphones become invulnerable. The bad guy holding the phone can’t use or control the device even after restoring the factory settings.

According to Mr. Nguyen Tu Quang: “In case the machine is lost, the server owner only needs to issue a lock command, the machine will turn into a “paperweight” and cannot be sold to shops consuming stolen goods. Thanks to special anti-theft technology, 89% of customers find their lost device.”

Trong Dat

More Vietnamese businesses are suspected of being

More Vietnamese businesses are suspected of being “visited” by hackers

This is just one of many data leaks that have been happening to Vietnamese businesses recently.

.

Leave a Reply

Your email address will not be published. Required fields are marked *